From nobody Tue Jan 7 09:03:08 2025
Date: Tue, 7 Jan 2025 09:03:08 GMT
Message-Id: <202501070903.507938Vn097053@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Baptiste Daroussin
Subject: git: 58734b18794b - stable/14 - libusb: fix hotplug sigbus
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bapt
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 58734b18794b772a2f964bf08863808680f0c81a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by bapt:

URL: https://cgit.FreeBSD.org/src/commit/?id=58734b18794b772a2f964bf08863808680f0c81a

commit 58734b18794b772a2f964bf08863808680f0c81a
Author:     Baptiste Daroussin
AuthorDate: 2025-01-03 09:50:30 +0000
Commit:     Baptiste Daroussin
CommitDate: 2025-01-07 09:02:57 +0000

    libusb: fix hotplug sigbus

    When a hotplug callback has been registered, and the program using
    libusb is calling libusb_exit then the thread handler is set to
    NO_THREAD which results in the variable controlling the loop to be
    set to 0, it does a last pass through device available without
    having done a scan, which results in a sigbus after it tried to
    unregister all the devices.

    directly break the loop instead and cleanup the list of devices

    this fixes the tests with LGPLed libusb's hotplugtest program

    MFC After:      3 days
    Reviewed by:    kevans
    Differential Revision:  https://reviews.freebsd.org/D48298

    (cherry picked from commit ba5834b8e11fd002a663d083a464e397e76cb3a9)
---
 lib/libusb/libusb10_hotplug.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/lib/libusb/libusb10_hotplug.c b/lib/libusb/libusb10_hotplug.c index 9d00b1dbe5a0..98903686f76b 100644 --- a/lib/libusb/libusb10_hotplug.c +++ b/lib/libusb/libusb10_hotplug.c
@@ -112,22 +112,25 @@ libusb_hotplug_scan(void *arg) libusb_device *temp; libusb_device *adev; libusb_device *bdev; - unsigned do_loop = 1; - while (do_loop) { + for (;;) { usleep(4000000); HOTPLUG_LOCK(ctx); + if (ctx->hotplug_handler == NO_THREAD) { + while ((adev = TAILQ_FIRST(&ctx->hotplug_devs)) != NULL) { + TAILQ_REMOVE(&ctx->hotplug_devs, adev, hotplug_entry); + libusb_unref_device(adev); + } + HOTPLUG_UNLOCK(ctx); + break; + } TAILQ_INIT(&hotplug_devs); - if (ctx->hotplug_handler != NO_THREAD) { - if (libusb_hotplug_enumerate(ctx, &hotplug_devs) < 0) { - HOTPLUG_UNLOCK(ctx); - continue; - } - } else { - do_loop = 0; + if (libusb_hotplug_enumerate(ctx, &hotplug_devs) < 0) { + HOTPLUG_UNLOCK(ctx); + continue; } /* figure out which devices are gone */
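
Review bot: The new `ctx->hotplug_handler == NO_THREAD` check still sits after `usleep(4000000)` at the top of the `for (;;)` body, so a shutdown request is only noticed when the current sleep ends, up to four seconds later, and whatever waits for this thread to finish waits that long too. Consider replacing the fixed sleep with a timed wait on a condition variable that the code setting `NO_THREAD` signals, so the loop wakes and takes the cleanup branch immediately.
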
Date: Tue, 7 Jan 2025 09:03:29 GMT
Message-Id: <202501070903.50793T5n097262@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Baptiste Daroussin
Subject: git: eb9fa4c2d786 - stable/13 - libusb: fix hotplug sigbus
X-Git-Committer: bapt
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: eb9fa4c2d786b327bb4d9bd7727428c70a33c710

The branch stable/13 has been updated by bapt:

URL: https://cgit.FreeBSD.org/src/commit/?id=eb9fa4c2d786b327bb4d9bd7727428c70a33c710

commit eb9fa4c2d786b327bb4d9bd7727428c70a33c710
Author:     Baptiste Daroussin
AuthorDate: 2025-01-03 09:50:30 +0000
Commit:     Baptiste Daroussin
CommitDate: 2025-01-07 09:03:21 +0000

    libusb: fix hotplug sigbus

    When a hotplug callback has been registered, and the program using
    libusb is calling libusb_exit then the thread handler is set to
    NO_THREAD which results in the variable controlling the loop to be
    set to 0, it does a last pass through device available without
    having done a scan, which results in a sigbus after it tried to
    unregister all the devices.

    directly break the loop instead and cleanup the list of devices

    this fixes the tests with LGPLed libusb's hotplugtest program

    MFC After:      3 days
    Reviewed by:    kevans
    Differential Revision:  https://reviews.freebsd.org/D48298

    (cherry picked from commit ba5834b8e11fd002a663d083a464e397e76cb3a9)
---
 lib/libusb/libusb10_hotplug.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/lib/libusb/libusb10_hotplug.c b/lib/libusb/libusb10_hotplug.c index 9d00b1dbe5a0..98903686f76b 100644 --- a/lib/libusb/libusb10_hotplug.c +++ b/lib/libusb/libusb10_hotplug.c
@@ -112,22 +112,25 @@ libusb_hotplug_scan(void *arg) libusb_device *temp; libusb_device *adev; libusb_device *bdev; - unsigned do_loop = 1; - while (do_loop) { + for (;;) { usleep(4000000); HOTPLUG_LOCK(ctx); + if (ctx->hotplug_handler == NO_THREAD) { + while ((adev = TAILQ_FIRST(&ctx->hotplug_devs)) != NULL) { + TAILQ_REMOVE(&ctx->hotplug_devs, adev, hotplug_entry); + libusb_unref_device(adev); + } + HOTPLUG_UNLOCK(ctx); + break; + } TAILQ_INIT(&hotplug_devs); - if (ctx->hotplug_handler != NO_THREAD) { - if (libusb_hotplug_enumerate(ctx, &hotplug_devs) < 0) { - HOTPLUG_UNLOCK(ctx); - continue; - } - } else { - do_loop = 0; + if (libusb_hotplug_enumerate(ctx, &hotplug_devs) < 0) { + HOTPLUG_UNLOCK(ctx); + continue; } /* figure out which devices are gone */
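
Review bot: The exit branch drains `ctx->hotplug_devs`, while the line right after it initialises a local list that is also called `hotplug_devs` (`TAILQ_INIT(&hotplug_devs)`), and nothing in the hunk says which list is which or why the exit path only unrefs the devices. A short comment above the `if (ctx->hotplug_handler == NO_THREAD)` block, stating that this is the shutdown path and that the cached device list is released without another enumeration pass, would record the intent; renaming the local list would remove the ambiguity for the next reader.
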
Date: Tue, 7 Jan 2025 18:33:24 GMT
Message-Id: <202501071833.507IXOxn066900@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov
Subject: git: 02a71cfa504e - stable/13 - SU+J: all writes to SU journal must be exempt from runningbufspace throttling
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 02a71cfa504ebab7b94722068f57c8f4bdd509e2

The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=02a71cfa504ebab7b94722068f57c8f4bdd509e2

commit 02a71cfa504ebab7b94722068f57c8f4bdd509e2
Author:     Konstantin Belousov
AuthorDate: 2024-11-12 06:29:23 +0000
Commit:     Konstantin Belousov
CommitDate: 2025-01-07 18:31:56 +0000

    SU+J: all writes to SU journal must be exempt from runningbufspace throttling

    PR:     282449

    (cherry picked from commit 46f02c4282ff76b66579c83be53ef441ea522536)
---
 sys/ufs/ffs/ffs_softdep.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/ufs/ffs/ffs_softdep.c b/sys/ufs/ffs/ffs_softdep.c index f2df1a8e7fc3..62af80d7eb40 100644 --- a/sys/ufs/ffs/ffs_softdep.c +++ b/sys/ufs/ffs/ffs_softdep.c
@@ -3625,6 +3625,7 @@ softdep_process_journal(struct mount *mp, int cnt; int off; int devbsize; + int savef; ump = VFSTOUFS(mp); if (ump->um_softdep == NULL || ump->um_softdep->sd_jblocks == NULL) @@ -3636,6 +3637,8 @@ softdep_process_journal(struct mount *mp, fs = ump->um_fs; jblocks = ump->softdep_jblocks; devbsize = ump->um_devvp->v_bufobj.bo_bsize; + savef = curthread_pflags_set(TDP_NORUNNINGBUF); + /* * We write anywhere between a disk block and fs block. The upper * bound is picked to prevent buffer cache fragmentation and limit 
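
Review bot: `savef = curthread_pflags_set(TDP_NORUNNINGBUF);` in the second hunk has no comment, and the commit message carries only the subject line and a PR number, so the reason journal writes must bypass runningbufspace throttling is not recorded next to the code. Add a brief comment above the call that describes what goes wrong when a journal write is throttled, so the flag is not dropped in a later cleanup.
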
@@ -3854,12 +3857,15 @@ softdep_process_journal(struct mount *mp, */ if (flags == 0 && jblocks->jb_suspended) { if (journal_unsuspend(ump)) - return; + goto out; FREE_LOCK(ump); VFS_SYNC(mp, MNT_NOWAIT); ffs_sbupdate(ump, MNT_WAIT, 0); ACQUIRE_LOCK(ump); } + +out: + curthread_pflags_restore(savef); } /*
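
Review bot: Only the `return` after `journal_unsuspend(ump)` is converted to `goto out`, yet the hunk headers put the `curthread_pflags_set()` call near new line 3640 and the `out:` label near 3867, and the code between them is not part of the patch. Any other `return` in that range would leave the function with `TDP_NORUNNINGBUF` still set on the thread. Please confirm there is none and say so in the commit message; moving the existing body into a helper that is called between the set and the restore would make the pairing hold by construction.
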
Date: Tue, 7 Jan 2025 18:48:48 GMT
Message-Id: <202501071848.507Immo2087202@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 452f261b8c8e - stable/14 - kernel: Clarify kern.elfNN.nxstack sysctl description
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 452f261b8c8ed7dbc90976cf776c35915f2d765f

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=452f261b8c8ed7dbc90976cf776c35915f2d765f

commit 452f261b8c8ed7dbc90976cf776c35915f2d765f
Author:     Ed Maste
AuthorDate: 2024-12-27 20:42:17 +0000
Commit:     Ed Maste
CommitDate: 2025-01-07 18:48:32 +0000

    kernel: Clarify kern.elfNN.nxstack sysctl description

    The nxstack sysctl controls processing of the PT_GNU_STACK segment, not
    directly whether or not the stack is executable.

    Reviewed by:    kib, shurd
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48221

    (cherry picked from commit 837feb4d05c2dccafa1698649b58f7b7fdc59c54)
---
 sys/kern/imgact_elf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index 23ddf3ac717a..18adb8adf4c8 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c
@@ -126,7 +126,7 @@ int __elfN(nxstack) = #endif SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, nxstack, CTLFLAG_RW, &__elfN(nxstack), 0, - __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack"); + __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": support PT_GNU_STACK for non-executable stack control"); #if defined(__amd64__) static int __elfN(vdso) = 1;
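
Review bot: The replacement description line, `__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": support PT_GNU_STACK for non-executable stack control");`, runs to roughly 100 characters before any indentation, well past the 80-column limit of style(9). Split the string literal onto a continuation line so the `SYSCTL_INT` invocation stays within the limit.
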
Date: Tue, 7 Jan 2025 18:48:50 GMT
Message-Id: <202501071848.507Imo9e087240@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 96ef85cc51ba - stable/14 - lindebugfs: Export symbols
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 96ef85cc51ba2eccc6a043227aa993180e5a0473

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=96ef85cc51ba2eccc6a043227aa993180e5a0473

commit 96ef85cc51ba2eccc6a043227aa993180e5a0473
Author:     Ed Maste
AuthorDate: 2024-12-07 18:03:40 +0000
Commit:     Ed Maste
CommitDate: 2025-01-07 18:48:33 +0000

    lindebugfs: Export symbols

    We currently rely on the kernel linker resolving undefined references
    against local symbols from other kernel modules. Be explicit about
    the symbols to export, in advance of changing that behaviour.

    PR:             207898
    Reviewed by:    kib, bz
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47980

    (cherry picked from commit c3d2c959b5c0ea05d6e5162def35d51ec267590c)
---
 sys/modules/lindebugfs/Makefile | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/sys/modules/lindebugfs/Makefile b/sys/modules/lindebugfs/Makefile index 542a2fb7b6da..62a86ac50460 100644 --- a/sys/modules/lindebugfs/Makefile +++ b/sys/modules/lindebugfs/Makefile
@@ -7,4 +7,25 @@ SRCS+= ${LINUXKPI_GENSRCS} CFLAGS+= ${LINUXKPI_INCLUDES} +EXPORT_SYMS= debugfs_create_atomic_t +EXPORT_SYMS+= debugfs_create_blob +EXPORT_SYMS+= debugfs_create_bool +EXPORT_SYMS+= debugfs_create_dir +EXPORT_SYMS+= debugfs_create_file +EXPORT_SYMS+= debugfs_create_file_size +EXPORT_SYMS+= debugfs_create_file_unsafe +EXPORT_SYMS+= debugfs_create_mode_unsafe +EXPORT_SYMS+= debugfs_create_symlink +EXPORT_SYMS+= debugfs_create_u8 +EXPORT_SYMS+= debugfs_create_u16 +EXPORT_SYMS+= debugfs_create_u32 +EXPORT_SYMS+= debugfs_create_u64 +EXPORT_SYMS+= debugfs_create_ulong +EXPORT_SYMS+= debugfs_create_x8 +EXPORT_SYMS+= debugfs_create_x16 +EXPORT_SYMS+= debugfs_create_x32 +EXPORT_SYMS+= debugfs_create_x64 +EXPORT_SYMS+= debugfs_remove +EXPORT_SYMS+= debugfs_remove_recursive + .include
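
Review bot: The `EXPORT_SYMS` block is a hand-written copy of the module's public function names, and nothing in the Makefile says it has to be extended when a new `debugfs_*` function is added. Once the linker stops resolving against local symbols, as the commit message announces, a missing entry would surface only as an unresolved reference in a module that depends on this one. Add a comment above `EXPORT_SYMS=` stating that the list must track the functions the module exports.
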
Date: Thu, 9 Jan 2025 06:11:20 GMT
Message-Id: <202501090611.5096BKE3066613@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: "Jason A. Harmening"
Subject: git: 6584e5a1c54f - stable/14 - mount(8): Avoid truncation when fstab-formatting unionfs mount info
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jah
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 6584e5a1c54ff24ed7c9eb80a884b4e7f54e7288
Auto-Submitted: auto-generated

The branch stable/14 has been updated by jah:

URL: https://cgit.FreeBSD.org/src/commit/?id=6584e5a1c54ff24ed7c9eb80a884b4e7f54e7288

commit 6584e5a1c54ff24ed7c9eb80a884b4e7f54e7288
Author:     Jason A. Harmening
AuthorDate: 2024-12-22 06:36:30 +0000
Commit:     Jason A. Harmening
CommitDate: 2025-01-09 06:10:00 +0000

    mount(8): Avoid truncation when fstab-formatting unionfs mount info

    When displaying unionfs mounts in fstab format (`mount -p`), mount(8) currently uses strlcpy to remove the disposition prefix from the mount name returned by getmntinfo(3). But strlcpy, like strcpy before it, does not guarantee correct behavior if the source and destination buffers overlap.

    Just offset the buffer and avoid the destructive copy in the first place.

    PR: 283420
    Reviewed by: imp (previous version), olce
    Differential Revision: https://reviews.freebsd.org/D48177

    (cherry picked from commit a314c60625af1829b7e12c3a4cedb74d7f69d074)
---
 sbin/mount/mount.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c index 2fcc94e40818..bb84d9696d12 100644 --- a/sbin/mount/mount.c +++ b/sbin/mount/mount.c
@@ -901,9 +901,11 @@ void putfsent(struct statfs *ent) { struct fstab *fst; + const char *mntfromname; char *opts, *rw; int l; + mntfromname = ent->f_mntfromname; opts = NULL; /* flags2opts() doesn't return the "rw" option. */ if ((ent->f_flags & MNT_RDONLY) != 0) @@ -914,16 +916,14 @@ putfsent(struct statfs *ent) opts = flags2opts(ent->f_flags); opts = catopt(rw, opts); - if (strncmp(ent->f_mntfromname, "", 7) == 0 || - strncmp(ent->f_mntfromname, "", 7) == 0) { - strlcpy(ent->f_mntfromname, - (strnstr(ent->f_mntfromname, ":", 8) +1), - sizeof(ent->f_mntfromname)); + if (strncmp(mntfromname, ":", 8) == 0 || + strncmp(mntfromname, ":", 8) == 0) { + mntfromname += 8; } - l = strlen(ent->f_mntfromname); + l = strlen(mntfromname); xo_emit("{:device}{P:/%s}{P:/%s}{P:/%s}", - ent->f_mntfromname, + mntfromname, l < 8 ? "\t" : "", l < 16 ? "\t" : "", l < 24 ? "\t" : " "); 
@@ -939,7 +939,7 @@ putfsent(struct statfs *ent) l < 8 ? "\t" : " "); free(opts); - if ((fst = getfsspec(ent->f_mntfromname))) + if ((fst = getfsspec(mntfromname))) xo_emit("{P:\t}{n:dump/%u}{P: }{n:pass/%u}\n", fst->fs_freq, fst->fs_passno); else if ((fst = getfsfile(ent->f_mntonname)))
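Review bot: in the second hunk of mount.c the prefix length appears twice as a bare 8, once as the strncmp() length and once in `mntfromname += 8`, and nothing ties the two to each other or to the length of the prefix string being matched. Deriving both from the literal (a named constant and `sizeof(prefix) - 1`) would keep the compare and the skip from drifting apart if a prefix is ever added or renamed. Since the new `const char *` cursor leaves ent->f_mntfromname unmodified, a short comment at the `+= 8` saying the statfs buffer is deliberately left intact would also help; the getfsspec(mntfromname) call in the last hunk still sees the stripped name, as it did before.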
Date: Sat, 11 Jan 2025 02:48:35 GMT
Message-Id: <202501110248.50B2mZSP065656@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: ba667efb5301 - stable/14 - Add 'contrib/libder/' from commit '9c40c4de4c33b2ba1124fb752ebea0bebaa6013f'
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ba667efb5301da32009d5cbc5ae5df9cff895e82
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=ba667efb5301da32009d5cbc5ae5df9cff895e82

commit ba667efb5301da32009d5cbc5ae5df9cff895e82
Author:     Kyle Evans
AuthorDate: 2025-01-01 21:11:02 +0000
Commit:     Kyle Evans
CommitDate: 2025-01-11 02:48:21 +0000

    Add 'contrib/libder/' from commit '9c40c4de4c33b2ba1124fb752ebea0bebaa6013f'

    git-subtree-dir: contrib/libder
    git-subtree-mainline: d11904b350214943dedb64c7121d4602799d7afd
    git-subtree-split: 9c40c4de4c33b2ba1124fb752ebea0bebaa6013f

    (cherry picked from commit 35c0a8c449fd2b7f75029ebed5e10852240f0865)
---
 contrib/libder/.cirrus.yml | 16 +
 contrib/libder/.github/workflows/build.yml | 41 +
 contrib/libder/.gitignore | 11 +
 contrib/libder/CMakeLists.txt | 28 +
 contrib/libder/LICENSE | 22 +
 contrib/libder/README.md | 28 +
 contrib/libder/derdump/.gitignore | 1 +
 contrib/libder/derdump/CMakeLists.txt | 6 +
 contrib/libder/derdump/derdump.1 | 51 ++
 contrib/libder/derdump/derdump.c | 52 ++
 contrib/libder/libder/CMakeLists.txt | 12 +
 contrib/libder/libder/libder.3 | 179 +++++
 contrib/libder/libder/libder.c | 119 +++
 contrib/libder/libder/libder.h | 181 +++++
 contrib/libder/libder/libder_error.c | 76 ++
 contrib/libder/libder/libder_obj.3 | 138 ++++
 contrib/libder/libder/libder_obj.c | 1192 ++++++++++++++++++++++++++++
 contrib/libder/libder/libder_private.h | 178 +++++
 contrib/libder/libder/libder_read.3 | 101 +++
 contrib/libder/libder/libder_read.c | 864 ++++++++++++++++++++
 contrib/libder/libder/libder_type.3 | 71 ++
 contrib/libder/libder/libder_type.c | 150 ++++
 contrib/libder/libder/libder_write.3 | 54 ++
 contrib/libder/libder/libder_write.c | 229 ++++++
 contrib/libder/tests/.gitignore | 12 +
 contrib/libder/tests/CMakeLists.txt | 41 +
 contrib/libder/tests/fuzz_parallel.c | 111 +++
 contrib/libder/tests/fuzz_stream.c | 246 ++++++
 contrib/libder/tests/fuzz_write.c | 79 ++
 contrib/libder/tests/fuzzers.h | 40 +
 contrib/libder/tests/make_corpus.c | 137 ++++
 contrib/libder/tests/repo.priv | Bin 0 -> 64 bytes
 contrib/libder/tests/repo.pub | Bin 0 -> 88 bytes
 contrib/libder/tests/test_common.h | 29 +
 contrib/libder/tests/test_privkey.c | 175 ++++
 contrib/libder/tests/test_pubkey.c | 143 ++++
 36 files changed, 4813 insertions(+)

diff --git a/contrib/libder/.cirrus.yml b/contrib/libder/.cirrus.yml new file mode 100644 index 000000000000..a63de71d8bf4 --- /dev/null +++ b/contrib/libder/.cirrus.yml @@ -0,0 +1,16 @@ +build_task: + matrix: + - name: FreeBSD 13 + freebsd_instance: + image: freebsd-13-2-release-amd64 + - name: FreeBSD 14 + freebsd_instance: + image: freebsd-14-0-release-amd64-ufs + setup_script: + sudo pkg install -y cmake + configure_script: + - cmake -B build -DCMAKE_BUILD_TYPE=Debug + build_script: + make -C build + test_script: + make -C build check diff --git a/contrib/libder/.github/workflows/build.yml b/contrib/libder/.github/workflows/build.yml new file mode 100644 index 000000000000..a10daa25e38f --- /dev/null +++ b/contrib/libder/.github/workflows/build.yml
@@ -0,0 +1,41 @@ +name: Build libder +on: + push: + branches: ['**'] + pull_request: + types: [opened, reopened, edited, synchronize] + +permissions: + contents: read + +jobs: + build: + name: Build ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-20.04, ubuntu-22.04, macos-latest] + include: + - os: ubuntu-20.04 + - os: ubuntu-22.04 + - os: macos-latest + steps: + - name: checkout + uses: actions/checkout@v4 + - name: install system packages (Ubuntu) + if: runner.os == 'Linux' + run: | + sudo apt-get update --quiet || true + sudo apt-get -yq --no-install-suggests --no-install-recommends install cmake + - name: install system packages (macOS) + if: runner.os == 'macOS' + run: | + brew update --quiet || true + brew install cmake coreutils + - name: configure + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Debug + - name: build libder + run: make -C build + - name: Run self-tests + run: make -C build check diff --git a/contrib/libder/.gitignore b/contrib/libder/.gitignore new file mode 100644 index 000000000000..34fb4e06c50b --- /dev/null +++ b/contrib/libder/.gitignore @@ -0,0 +1,11 @@ +.*.swp +.depend* +*.a +*.so +*.so.* +*.o +*.pico +*.debug +*.full + +build/ diff --git a/contrib/libder/CMakeLists.txt b/contrib/libder/CMakeLists.txt new file mode 100644 index 000000000000..cf0d39e32489 --- /dev/null +++ b/contrib/libder/CMakeLists.txt 
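Review bot: in .github/workflows/build.yml the checkout step uses `actions/checkout@v4`, a mutable tag; pinning the action to a full commit SHA keeps the workflow from picking up whatever the tag points at later. Two smaller points in the same hunk: the `include:` entries repeat the three `os` values already in the matrix without adding any keys, so they can be dropped, and `apt-get update --quiet || true` and `brew update --quiet || true` hide an index refresh failure that then surfaces as a confusing install error.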
@@ -0,0 +1,28 @@ +cmake_minimum_required(VERSION 3.18) + +project(libder) + +if(CMAKE_BUILD_TYPE STREQUAL "Debug") + if(NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + add_compile_options(-fsanitize=address,undefined -fstrict-aliasing) + add_link_options(-fsanitize=address,undefined -fstrict-aliasing) + endif() + + add_compile_options(-Werror) +endif() + +# AppleClang is excluded for the time being; the version used in GitHub Action +# runners doesn't seem to have that part of libclang_rt installed, though the +# -fsanitize=fuzzer-no-link instrumentation seems to be fine. Maybe re-evaluate +# this for MATCHES as a possibility later. +if(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(BUILD_FUZZERS TRUE + CACHE BOOL "Build the libFuzzer fuzzers (needs llvm)") +else() + set(BUILD_FUZZERS FALSE + CACHE BOOL "Build the libFuzzer fuzzers (needs llvm)") +endif() + +add_subdirectory(libder) +add_subdirectory(derdump) +add_subdirectory(tests) diff --git a/contrib/libder/LICENSE b/contrib/libder/LICENSE new file mode 100644 index 000000000000..477af8f22e4c --- /dev/null +++ b/contrib/libder/LICENSE 
@@ -0,0 +1,22 @@ +Copyright (c) 2024 Kyle Evans + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/contrib/libder/README.md b/contrib/libder/README.md new file mode 100644 index 000000000000..9f700493520d --- /dev/null +++ b/contrib/libder/README.md 
@@ -0,0 +1,28 @@ +# libder + +## What is libder? + +libder is a small library for encoding/decoding DER-encoded objects. It is +expected to be able to decode any BER-encoded buffer, and an attempt to +re-encode the resulting tree would apply any normalization expected by a DER +decoder. The author's use is primarily to decode/encode ECC keys for +interoperability with OpenSSL. + +The authoritative source for this software is located at +https://git.kevans.dev/kevans/libder, but it's additionally mirrored to +[GitHub](https://github.com/kevans91/libder) for user-facing interactions. +Pull requests and issues are open on GitHub. + +## What is libder not? + +libder is not intended to be a general-purpose library for working with DER/BER +specified objects. It may provide some helpers for building more primitive +data types, but libder will quickly punt on anything even remotely complex and +require the library consumer to supply it as a type/payload/size triple that it +will treat as relatively opaque (modulo some encoding normalization rules that +can be applied without deeply understanding the data contained within). + +libder also doesn't do strict validation of what it reads in today, for better +or worse. e.g., a boolean may occupy more than one byte and libder will happily +present it to the application in that way. It would be normalized on +re-encoding to 0xff or 0x00 depending on whether any bits are set or not. diff --git a/contrib/libder/derdump/.gitignore b/contrib/libder/derdump/.gitignore new file mode 100644 index 000000000000..a35adcc4b71d --- /dev/null +++ b/contrib/libder/derdump/.gitignore @@ -0,0 +1 @@ +derdump diff --git a/contrib/libder/derdump/CMakeLists.txt b/contrib/libder/derdump/CMakeLists.txt new file mode 100644 index 000000000000..11657426fbc9 --- /dev/null +++ b/contrib/libder/derdump/CMakeLists.txt 
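Review bot: the last paragraph of contrib/libder/README.md says libder "doesn't do strict validation of what it reads in today" and that an over-long boolean is passed through to the application, but libder.3 in this same import states that the library operates in strict mode by default, libder_open() sets `ctx->strict = true`, and libder.h defines LDE_STRICT_BOOLEAN for that case. One of the two descriptions is stale; if the permissive behaviour applies only after libder_set_strict(ctx, false), the README should say so.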
@@ -0,0 +1,6 @@ +file(GLOB derdump_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/*.c) + +add_executable(derdump ${derdump_SOURCES}) + +target_include_directories(derdump PRIVATE "${CMAKE_SOURCE_DIR}/libder") +target_link_libraries(derdump der_static) diff --git a/contrib/libder/derdump/derdump.1 b/contrib/libder/derdump/derdump.1 new file mode 100644 index 000000000000..414799f3055f --- /dev/null +++ b/contrib/libder/derdump/derdump.1 @@ -0,0 +1,51 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 4, 2024 +.Dt DERDUMP 1 +.Os +.Sh NAME +.Nm derdump +.Nd dumping contents of DER encoded files +.Sh SYNOPSIS +.Nm +.Ar file1 +.Oo Ar fileN ... Oc +.Sh DESCRIPTION +The +.Nm +utility dumps the contents of one or more DER encoded +Ar file +in a more human readable format. +This is similar to the +.Xr asn1parse 1 +utility distributed with OpenSSL when used with the +.Fl inform +.Ar DER +option. +.Pp +A representation of the object will be output to +.Em stdout , +with indentation to denote objects that are encoded within other constructed +objects. +Note that +.Nm +does not make much attempt to interpret the contents of any particular object. +If an object uses one of the universal types, then a friendly name will be +displayed for that object. +If an object uses any other type, then +.Nm +will display the raw hex value of the type used. +Values of primitive objects are output as raw hex, and no effort is made to +try and print a friendly representation. +.Sh SEE ALSO +.Xr asn1parse 1 , +.Xr libder 3 +.Sh BUGS +.Nm +does not currently make any attempt to render a type that uses the long encoded +format. +Instead, it will render as +.Dq { ... } . diff --git a/contrib/libder/derdump/derdump.c b/contrib/libder/derdump/derdump.c new file mode 100644 index 000000000000..7ea3768524d8 --- /dev/null +++ b/contrib/libder/derdump/derdump.c 
@@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include + +#include + +int +main(int argc, char *argv[]) +{ + FILE *fp; + struct libder_ctx *ctx; + struct libder_object *root; + size_t rootsz; + bool first = true; + + if (argc < 2) { + fprintf(stderr, "usage: %s file [file...]\n", argv[0]); + return (1); + } + + ctx = libder_open(); + libder_set_verbose(ctx, 2); + for (int i = 1; i < argc; i++) { + fp = fopen(argv[i], "rb"); + if (fp == NULL) { + warn("%s", argv[i]); + continue; + } + + if (!first) + fprintf(stderr, "\n"); + fprintf(stdout, "[%s]\n", argv[i]); + root = libder_read_file(ctx, fp, &rootsz); + if (root != NULL) { + libder_obj_dump(root, stdout); + libder_obj_free(root); + root = NULL; + } + + first = false; + fclose(fp); + } + + libder_close(ctx); + + return (0); +} diff --git a/contrib/libder/libder/CMakeLists.txt b/contrib/libder/libder/CMakeLists.txt new file mode 100644 index 000000000000..8e6f3426d649 --- /dev/null +++ b/contrib/libder/libder/CMakeLists.txt @@ -0,0 +1,12 @@ +file(GLOB libder_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/*.c) + +add_library(der SHARED ${libder_SOURCES}) +add_library(der_static STATIC ${libder_SOURCES}) + +if(BUILD_FUZZERS AND CMAKE_BUILD_TYPE STREQUAL "Debug") + target_compile_options(der PUBLIC -fsanitize=fuzzer-no-link) + target_link_options(der PUBLIC -fsanitize=fuzzer-no-link) + + target_compile_options(der_static PUBLIC -fsanitize=fuzzer-no-link) + target_link_options(der_static PUBLIC -fsanitize=fuzzer-no-link) +endif() diff --git a/contrib/libder/libder/libder.3 b/contrib/libder/libder/libder.3 new file mode 100644 index 000000000000..0e06254ef3fb --- /dev/null +++ b/contrib/libder/libder/libder.3 
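Review bot: in contrib/libder/derdump/derdump.c, main() passes the result of libder_open() straight to libder_set_verbose(ctx, 2) with no NULL check, while libder_open() returns NULL when its malloc() fails and libder_set_verbose() dereferences ctx; check for NULL and exit with an error before the loop. main() also returns 0 even when fopen() or libder_read_file() failed for some file, so a caller cannot tell a clean dump from a partial one, and the blank separator line goes to stderr while the `[file]` header it separates goes to stdout.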
@@ -0,0 +1,179 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER 3 +.Os +.Sh NAME +.Nm libder , +.Nm libder_open , +.Nm libder_close , +.Nm libder_abort , +.Nm libder_get_error , +.Nm libder_has_error , +.Nm libder_get_normalize , +.Nm libder_set_normalize , +.Nm libder_get_strict , +.Nm libder_set_strict , +.Nm libder_get_verbose , +.Nm libder_set_verbose +.Nd DER encoding and decoding library +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft struct libder_ctx * +.Fn libder_open "void" +.Ft void +.Fn libder_close "struct libder_ctx *ctx" +.Ft void +.Fn libder_abort "struct libder_ctx *ctx" +.Ft const char * +.Fn libder_get_error "struct libder_ctx *ctx" +.Ft bool +.Fn libder_has_error "struct libder_ctx *ctx" +.Ft uint64_t +.Fn libder_get_normalize "struct libder_ctx *ctx" +.Ft uint64_t +.Fn libder_set_normalize "struct libder_ctx *ctx" "uint64_t normalize" +.Ft bool +.Fn libder_get_strict "struct libder_ctx *ctx" +.Ft bool +.Fn libder_set_strict "struct libder_ctx *ctx" "bool strict" +.Ft int +.Fn libder_get_verbose "struct libder_ctx *ctx" +.Ft int +.Fn libder_set_verbose "struct libder_ctx *ctx" "int verbose" +.Sh DESCRIPTION +The +.Nm +library provides functionality for decoding BER and DER encoded data, and +DER encoding data subjected to constraints outline in ITU-T +Recommendation X.690. +.Nm +will apply relevant normalization rules on write, unless they've been disabled +with +.Ft libder_set_normalize , +under the assumption that it may not be reading strictly DER encoded data. +.Pp +Note that not all of the DER rules are currently implemented. +.Nm +will coalesce constructed types that DER specifies should be primitive. +.Nm +will primarily normalize bitstrings, booleans, and integers. +This library was primarily written to be able to provide interoperability with +OpenSSL keys and signatures, so the library was written with that in mind. 
+Eventually it is intended that +.Nm +will support the full set of rules, but currently some responsibility is left +to the library user. +.Pp +Also note that +.Nm +does not necessarily provide +.Dq neat +ways to construct primitives. +For example, even booleans and integers currently work just by providing a +buffer that is expected to be formatted in a sane fashion. +The library user is expected to build the object tree and generally provide the +object data in a format reasonably encoded as the data for that type should be, +then +.Nm +will provide the proper framing on write and do any transformations that may +need to be done for strict conformance. +.Pp +The +.Fn libder_open +function allocates a new +.Nm +context. +The context does not hold any state about any particular structure. +All of the state held in the context is generally described in this manpage. +The +.Fn libder_close +function will free the context. +.Pp +The +.Fn libder_abort +function will abort an in-progress +.Xr libder_read_fd 3 +operation on the existing +.Fa ctx +if it is interrupted by a signal in the middle of a +.Xr read 2 +syscall. +See +.Xr libder_read_fd 3 +for further discussion. +.Pp +The +.Fn libder_get_error +function will return an error string appropriate for the current error, if any. +The +.Fn libder_has_error +function can be used to check if an error was raised in a previous operation. +.Pp +The +.Fn libder_get_normalize +and +.Fn libder_set_normalize +functions retrieve and manipulate any number of flags that detail how +functions may be used to check or set the normalization flags given +.Nm context , +which dictates how +.Nm +will normalize data on write. 
+The following normalization flags may be specified: +.Bl -column "LIBDER_NORMALIZE_CONSTRUCTED" +.It LIBDER_NORMALIZE_CONSTRUCTED Ta Coalesce types that may be primitive or constructed +.It LIBDER_NORMALIZE_TAGS Ta Pack tags into the lowest possible encoded value +.El +.Pp +The +.Fn LIBDER_NORMALIZE_TYPE_FLAG "enum libder_ber_type" +macaro may also be used to specify normalization of the given universal type. +By default, every valid normalization flag is enabled. +.Pp +The +.Fn libder_get_strict +and +.Fn libder_set_strict +functions may used to check or set the strict read state of the given +.Nm +context. +By default, +.Nm +operates in strict mode and rejects various methods of expressing data that are +valid looking but not strictly conformant. +The +.Va LDE_STRICT_* +constants in +.In libder.h +describe the various scenarios that strict mode may reject. +.Pp +The +.Fn libder_get_verbose +and +.Fn libder_set_verbose +functions may be used to check or set the verbosity of the given +.Nm +context. +This primarily controls how +.Nm +behaves when an error is encountered. +By default, the library will silently set the error state and return. +With a verbosity level of 1, an error will be printed when the error state is +set that contains the string that would be returned by +.Fn libder_get_error . +With a verbosity level of 2, the filename and line within +.Nm +that the error occurred in will be printed, which is primarily intended for +debugging +.Nm . +.Sh SEE ALSO +.Xr libder_obj 3 , +.Xr libder_read 3 , +.Xr libder_type 3 , +.Xr libder_write 3 diff --git a/contrib/libder/libder/libder.c b/contrib/libder/libder/libder.c new file mode 100644 index 000000000000..2d52fedd62bd --- /dev/null +++ b/contrib/libder/libder/libder.c 
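Review bot: in contrib/libder/libder/libder.3 the paragraph describing libder_get_normalize and libder_set_normalize reads as two drafts merged ("functions retrieve and manipulate any number of flags that detail how functions may be used to check or set the normalization flags given ... context") and needs to be rewritten as one sentence. Also in this file: `.Ft libder_set_normalize` in the first DESCRIPTION paragraph should be `.Fn`, "constraints outline in" should be "outlined in", "macaro" should be "macro", "may used" should be "may be used", and the header comment says SPDX-Copyright-Identifier where the C sources use SPDX-License-Identifier.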
@@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include "libder_private.h" + +#include +#include + +/* + * Sets up the context, returns NULL on error. + */ +struct libder_ctx * +libder_open(void) +{ + struct libder_ctx *ctx; + + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) + return (NULL); + + /* Initialize */ + ctx->error = LDE_NONE; + ctx->buffer_size = 0; + ctx->verbose = 0; + ctx->normalize = LIBDER_NORMALIZE_ALL; + ctx->strict = true; + ctx->abort = 0; + + return (ctx); +} + +void +libder_abort(struct libder_ctx *ctx) +{ + + ctx->abort = 1; +} + +LIBDER_PRIVATE size_t +libder_get_buffer_size(struct libder_ctx *ctx) +{ + + if (ctx->buffer_size == 0) { + long psize; + + psize = sysconf(_SC_PAGESIZE); + if (psize <= 0) + psize = 4096; + + ctx->buffer_size = psize; + } + + return (ctx->buffer_size); +} + +uint64_t +libder_get_normalize(struct libder_ctx *ctx) +{ + + return (ctx->normalize); +} + +/* + * Set the normalization flags; returns the previous value. + */ +uint64_t +libder_set_normalize(struct libder_ctx *ctx, uint64_t nmask) +{ + uint64_t old = ctx->normalize; + + ctx->normalize = (nmask & LIBDER_NORMALIZE_ALL); + return (old); +} + +bool +libder_get_strict(struct libder_ctx *ctx) +{ + + return (ctx->strict); +} + +bool +libder_set_strict(struct libder_ctx *ctx, bool strict) +{ + bool oval = ctx->strict; + + ctx->strict = strict; + return (oval); +} + +int +libder_get_verbose(struct libder_ctx *ctx) +{ + + return (ctx->verbose); +} + +int +libder_set_verbose(struct libder_ctx *ctx, int verbose) +{ + int oval = ctx->verbose; + + ctx->verbose = verbose; + return (oval); +} + +void +libder_close(struct libder_ctx *ctx) +{ + + if (ctx == NULL) + return; + + free(ctx); +} + diff --git a/contrib/libder/libder/libder.h b/contrib/libder/libder/libder.h new file mode 100644 index 000000000000..4d28aa3052ba --- /dev/null +++ b/contrib/libder/libder/libder.h 
@@ -0,0 +1,181 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include +#include +#include +#include + +enum libder_ber_class { + BC_UNIVERSAL = 0, + BC_APPLICATION = 1, + BC_CONTEXT = 2, + BC_PRIVATE = 3, +}; + +enum libder_ber_type { + BT_RESERVED = 0x00, + BT_BOOLEAN = 0x01, + BT_INTEGER = 0x02, + BT_BITSTRING = 0x03, + BT_OCTETSTRING = 0x04, + BT_NULL = 0x05, + BT_OID = 0x06, + BT_OBJDESC = 0x07, + BT_EXTERNAL = 0x08, + BT_REAL = 0x09, + BT_ENUMERATED = 0x0a, + BT_PDV = 0x0b, + BT_UTF8STRING = 0x0c, + BT_RELOID = 0x0d, + + /* 0x10, 011 not usable */ + + BT_NUMERICSTRING = 0x012, + BT_STRING = 0x13, + BT_TELEXSTRING = 0x14, + BT_VIDEOTEXSTRING = 0x15, + BT_IA5STRING = 0x16, + BT_UTCTIME = 0x17, + BT_GENTIME = 0x18, + BT_GFXSTRING = 0x19, + BT_VISSTRING = 0x1a, + BT_GENSTRING = 0x1b, + BT_UNIVSTRING = 0x1c, + BT_CHARSTRING = 0x1d, + BT_BMPSTRING = 0x1e, + + BT_SEQUENCE = 0x30, + BT_SET = 0x31, +}; + +#define BER_TYPE_CONSTRUCTED_MASK 0x20 /* Bit 6 */ +#define BER_TYPE_CLASS_MASK 0xc0 /* Bits 7 and 8 */ + +/* + * The difference between the type and the full type is just that the full type + * will indicate the class of type, so it may be more useful for some operations. 
+ */ +#define BER_FULL_TYPE(tval) \ + ((tval) & ~(BER_TYPE_CONSTRUCTED_MASK)) +#define BER_TYPE(tval) \ + ((tval) & ~(BER_TYPE_CLASS_MASK | BER_TYPE_CONSTRUCTED_MASK)) +#define BER_TYPE_CLASS(tval) \ + (((tval) & BER_TYPE_CLASS_MASK) >> 6) +#define BER_TYPE_CONSTRUCTED(tval) \ + (((tval) & BER_TYPE_CONSTRUCTED_MASK) != 0) + +enum libder_error { + LDE_NONE = 0x00, + LDE_NOMEM, /* Out of memory */ + LDE_INVAL, /* Invalid parameter */ + LDE_SHORTHDR, /* Header too short */ + LDE_BADVARLEN, /* Bad variable length encoding */ + LDE_LONGLEN, /* Encoded length too large (8 byte max) */ + LDE_SHORTDATA, /* Payload not available */ + LDE_GARBAGE, /* Garbage after encoded data */ + LDE_STREAMERR, /* Stream error */ + LDE_TRUNCVARLEN, /* Variable length object truncated */ + LDE_COALESCE_BADCHILD, /* Bad child encountered when coalescing */ + LDE_BADOBJECT, /* Payload not valid for object type */ + + /* Strict violations */ + LDE_STRICT_EOC, /* Strict: end-of-content violation */ + LDE_STRICT_TAG, /* Strict: tag violation */ + LDE_STRICT_PVARLEN, /* Strict: primitive using indefinite length */ + LDE_STRICT_BOOLEAN, /* Strict: boolean encoded incorrectly */ + LDE_STRICT_NULL, /* Strict: null encoded incorrectly */ + LDE_STRICT_PRIMITIVE, /* Strict: type must be primitive */ + LDE_STRICT_CONSTRUCTED, /* Strict: type must be constructed */ + LDE_STRICT_BITSTRING, /* Strict: malformed constructed bitstring */ +}; + +struct libder_ctx; +struct libder_tag; +struct libder_object; + +/* + * By default we normalize everything, but we allow some subset of the + * functionality to be disabled. Lengths are non-optional and will always be + * normalized to a fixed short or long length. The upper 32-bits of + * ctx->normalize are reserved for universal types so that we can quickly map + * those without assigning them names. + */ + +/* Normalize constructed types that should be coalesced (e.g., strings, time). 
*/ +#define LIBDER_NORMALIZE_CONSTRUCTED 0x0000000000000001ULL + +/* + * Normalize tags on read. This is mostly a measure to ensure that + * normalization on write doesn't get thwarted; there's no reason anybody should + * be encoding low tags with the long form, but the spec doesn't appear to + * forbid it. + */ +#define LIBDER_NORMALIZE_TAGS 0x0000000000000002ULL + +/* Universal types (reserved) */ +#define LIBDER_NORMALIZE_TYPE_MASK 0xffffffff00000000ULL +#define LIBDER_NORMALIZE_TYPE_FLAG(val) ((1ULL << val) << 32ULL) + +/* All valid bits. */ +#define LIBDER_NORMALIZE_ALL \ + (LIBDER_NORMALIZE_TYPE_MASK | LIBDER_NORMALIZE_CONSTRUCTED | \ + LIBDER_NORMALIZE_TAGS) + +struct libder_ctx * libder_open(void); +void libder_close(struct libder_ctx *); +void libder_abort(struct libder_ctx *); +const char *libder_get_error(struct libder_ctx *); +bool libder_has_error(struct libder_ctx *); +uint64_t libder_get_normalize(struct libder_ctx *); +uint64_t libder_set_normalize(struct libder_ctx *, uint64_t); +bool libder_get_strict(struct libder_ctx *); +bool libder_set_strict(struct libder_ctx *, bool); +int libder_get_verbose(struct libder_ctx *); +int libder_set_verbose(struct libder_ctx *, int); + +struct libder_object *libder_read(struct libder_ctx *, const uint8_t *, size_t *); +struct libder_object *libder_read_fd(struct libder_ctx *, int, size_t *); +struct libder_object *libder_read_file(struct libder_ctx *, FILE *, size_t *); + +uint8_t *libder_write(struct libder_ctx *, struct libder_object *, uint8_t *, + size_t *); + +#define DER_CHILDREN(obj) libder_obj_children(obj) +#define DER_NEXT(obj) libder_obj_next(obj) + +#define DER_FOREACH_CHILD(var, obj) \ + for ((var) = DER_CHILDREN((obj)); \ + (var); \ + (var) = DER_NEXT((var))) +#define DER_FOREACH_CHILD_SAFE(var, obj, tvar) \ + for ((var) = DER_CHILDREN((obj)); \ + (var) && ((tvar) = DER_NEXT((var)), 1); \ + (var) = (tvar)) + +struct libder_object *libder_obj_alloc(struct libder_ctx *, struct libder_tag *, const 
uint8_t *, size_t); +struct libder_object *libder_obj_alloc_simple(struct libder_ctx *, uint8_t, const uint8_t *, + size_t); +void libder_obj_free(struct libder_object *); + +bool libder_obj_append(struct libder_object *, struct libder_object *); +struct libder_object *libder_obj_child(const struct libder_object *, size_t); +struct libder_object *libder_obj_children(const struct libder_object *); +struct libder_object *libder_obj_next(const struct libder_object *); +struct libder_tag *libder_obj_type(const struct libder_object *); +uint8_t libder_obj_type_simple(const struct libder_object *); +const uint8_t *libder_obj_data(const struct libder_object *, size_t *); + +/* Debugging aide -- probably shouldn't use. */ +void libder_obj_dump(const struct libder_object *, FILE *); + +struct libder_tag *libder_type_alloc_simple(struct libder_ctx *, uint8_t); +struct libder_tag *libder_type_dup(struct libder_ctx *, const struct libder_tag *); +void libder_type_free(struct libder_tag *); +#define libder_type_simple libder_type_simple_abi +uint8_t libder_type_simple(const struct libder_tag *); diff --git a/contrib/libder/libder/libder_error.c b/contrib/libder/libder/libder_error.c new file mode 100644 index 000000000000..6ca0acc83e6d --- /dev/null +++ b/contrib/libder/libder/libder_error.c 
@@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include "libder_private.h" + +#undef libder_set_error + +static const char libder_error_nodesc[] = "[Description not available]"; + +#define DESCRIBE(err, msg) { LDE_ ## err, msg } +static const struct libder_error_desc { + enum libder_error desc_error; + const char *desc_str; +} libder_error_descr[] = { + DESCRIBE(NONE, "No error"), + DESCRIBE(NOMEM, "Out of memory"), + DESCRIBE(INVAL, "Invalid parameter"), + DESCRIBE(SHORTHDR, "Header too short"), + DESCRIBE(BADVARLEN, "Bad variable length encoding"), + DESCRIBE(LONGLEN, "Encoded length too large (8 byte max)"), + DESCRIBE(SHORTDATA, "Payload not available (too short)"), + DESCRIBE(GARBAGE, "Garbage after encoded data"), + DESCRIBE(STREAMERR, "Stream error"), + DESCRIBE(TRUNCVARLEN, "Variable length object truncated"), + DESCRIBE(COALESCE_BADCHILD, "Bad child encountered when coalescing"), + DESCRIBE(BADOBJECT, "Payload not valid for object type"), + DESCRIBE(STRICT_EOC, "Strict: end-of-content violation"), + DESCRIBE(STRICT_TAG, "Strict: tag violation"), + DESCRIBE(STRICT_PVARLEN, "Strict: primitive using indefinite length"), + DESCRIBE(STRICT_BOOLEAN, "Strict: boolean encoded incorrectly"), + DESCRIBE(STRICT_NULL, "Strict: null encoded incorrectly"), + DESCRIBE(STRICT_PRIMITIVE, "Strict: type must be primitive"), + DESCRIBE(STRICT_CONSTRUCTED, "Strict: type must be constructed"), + DESCRIBE(STRICT_BITSTRING, "Strict: malformed constructed bitstring"), +}; + +const char * +libder_get_error(struct libder_ctx *ctx) +{ + const struct libder_error_desc *desc; + + for (size_t i = 0; i < nitems(libder_error_descr); i++) { + desc = &libder_error_descr[i]; + + if (desc->desc_error == ctx->error) + return (desc->desc_str); + } + + return (libder_error_nodesc); +} + +bool +libder_has_error(struct libder_ctx *ctx) +{ + + return (ctx->error != 0); +} + +LIBDER_PRIVATE void +libder_set_error(struct 
libder_ctx *ctx, int error, const char *file, int line) +{ + ctx->error = error; + + if (ctx->verbose >= 2) { + fprintf(stderr, "%s: [%s:%d]: %s (error %d)\n", + __func__, file, line, libder_get_error(ctx), error); + } else if (ctx->verbose >= 1) { + fprintf(stderr, "%s: %s (error %d)\n", __func__, + libder_get_error(ctx), error); + } +} diff --git a/contrib/libder/libder/libder_obj.3 b/contrib/libder/libder/libder_obj.3 new file mode 100644 index 000000000000..d7e51da1d2fb --- /dev/null +++ b/contrib/libder/libder/libder_obj.3 
@@ -0,0 +1,138 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER_OBJ 3 +.Os +.Sh NAME +.Nm libder_obj , +.Nm libder_obj_alloc , +.Nm libder_obj_alloc_simple , *** 4094 LINES SKIPPED ***
From nobody Sat Jan 11 02:48:36 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Date: Sat, 11 Jan 2025 02:48:36 GMT Message-Id: <202501110248.50B2mafA065707@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
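Review bot: in contrib/libder/libder/libder.h, LIBDER_NORMALIZE_TYPE_FLAG(val) expands to ((1ULL << val) << 32ULL) with val unparenthesized and unbounded, so an argument built with a lower-precedence operator binds incorrectly, and a val of 32 to 63 shifts the bit out of the 64-bit mask and yields 0. Suggest ((1ULL << (val)) << 32) together with a documented or asserted range of 0..31, since the comment above reserves only the upper 32 bits for universal types and a caller passing a type value that still carries the constructed bit (0x20) would silently get no flag at all.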
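Review bot: in contrib/libder/libder/libder_error.c, libder_set_error() prints __func__ as the message prefix, which is always "libder_set_error" rather than the function that raised the error, so neither verbosity level identifies the failing function. Suggest passing the caller's __func__ in alongside file and line (the #undef libder_set_error suggests a wrapper macro already supplies those) or dropping the prefix. Separately, libder_error_descr[] has to be kept in step with enum libder_error by hand; a _Static_assert on nitems() against a trailing enum sentinel would catch a new LDE_* value that lands without a description and falls through to "[Description not available]".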
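Review bot: the contrib/libder/libder/libder_obj.3 header comment reads "SPDX-Copyright-Identifier: BSD-2-Clause", which is not the SPDX tag; libder_error.c in the same change uses "SPDX-License-Identifier", and that is the spelling SPDX tooling looks for. Suggest changing the man page comment to .\" SPDX-License-Identifier: BSD-2-Clause so the file is picked up by license scans.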
From: Kyle Evans Subject: git: c876932bbafd - stable/14 - lib: hook libder up to the build List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: c876932bbafdd20c6d5a1f733c45fc7bc0d67e0c Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=c876932bbafdd20c6d5a1f733c45fc7bc0d67e0c commit c876932bbafdd20c6d5a1f733c45fc7bc0d67e0c Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:22 +0000 lib: hook libder up to the build libder will be used in upcoming ECC support in the pkg(7) bootstrap to read DER-encoded keys and signatures. (cherry picked from commit f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2) --- lib/Makefile | 1 + lib/libder/Makefile | 13 +++++++++++++ share/mk/src.libnames.mk | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/lib/Makefile b/lib/Makefile index 294e2b695bdc..6c5edfdc8f76 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ SUBDIR_BOOTSTRAP= \ libc++ \ libc++experimental \ libcxxrt \ + libder \ libelf \ libssp \ libssp_nonshared \ diff --git a/lib/libder/Makefile b/lib/libder/Makefile new file mode 100644 index 000000000000..bdd2225f0ff3 --- /dev/null +++ b/lib/libder/Makefile @@ -0,0 +1,13 @@ + +LIB= der +INTERNALLIB= + +.PATH: ${SRCTOP}/contrib/libder/libder +SRCS+= libder.c \ + libder_error.c \ + libder_obj.c \ + libder_read.c \ + libder_type.c \ + libder_write.c + +.include 
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index d7350ce5c049..9cba6c8cc7c3 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -43,6 +43,7 @@ _INTERNALLIBS= \ bsnmptools \ c_nossp_pic \ cron \ + der \ elftc \ fdt \ fifolog \ 
@@ -586,6 +587,9 @@ LIBTELNET?= ${LIBTELNETDIR}/libtelnet${PIE_SUFFIX}.a LIBCRONDIR= ${_LIB_OBJTOP}/usr.sbin/cron/lib LIBCRON?= ${LIBCRONDIR}/libcron${PIE_SUFFIX}.a +LIBDERDIR= ${_LIB_OBJTOP}/lib/libder +LIBDER?= ${LIBDERDIR}/libder${PIE_SUFFIX}.a + LIBNTPDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntp LIBNTP?= ${LIBNTPDIR}/libntp${PIE_SUFFIX}.a
From nobody Sat Jan 11 02:48:40 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Date: Sat, 11 Jan 2025 02:48:40 GMT Message-Id: <202501110248.50B2memR065913@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
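Review bot: lib/libder/Makefile in the "hook libder up to the build" change builds only the six library sources and nothing in the three touched files wires up a tests directory, even though the commit message puts this parser on the path that reads DER-encoded keys and signatures for the pkg(7) bootstrap. The contrib import's diffstat lists tests/test_pubkey.c, tests/test_privkey.c and three fuzz_*.c harnesses; suggest a follow-up that hooks at least the two test programs into the base test suite so regressions in the decoder are caught in tree rather than only in the upstream CI.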
From: Kyle Evans Subject: git: 883ba1bdbe36 - stable/13 - Add 'contrib/libder/' from commit '9c40c4de4c33b2ba1124fb752ebea0bebaa6013f' List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 883ba1bdbe3695579c1b615e90b01ce1bc6a8b14 Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=883ba1bdbe3695579c1b615e90b01ce1bc6a8b14 commit 883ba1bdbe3695579c1b615e90b01ce1bc6a8b14 Author: Kyle Evans AuthorDate: 2025-01-01 21:11:02 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:27 +0000 Add 'contrib/libder/' from commit '9c40c4de4c33b2ba1124fb752ebea0bebaa6013f' git-subtree-dir: contrib/libder git-subtree-mainline: d11904b350214943dedb64c7121d4602799d7afd git-subtree-split: 9c40c4de4c33b2ba1124fb752ebea0bebaa6013f (cherry picked from commit 35c0a8c449fd2b7f75029ebed5e10852240f0865) --- contrib/libder/.cirrus.yml | 16 + contrib/libder/.github/workflows/build.yml | 41 + contrib/libder/.gitignore | 11 + contrib/libder/CMakeLists.txt | 28 + contrib/libder/LICENSE | 22 + contrib/libder/README.md | 28 + contrib/libder/derdump/.gitignore | 1 + contrib/libder/derdump/CMakeLists.txt | 6 + contrib/libder/derdump/derdump.1 | 51 ++ contrib/libder/derdump/derdump.c | 52 ++ contrib/libder/libder/CMakeLists.txt | 12 + contrib/libder/libder/libder.3 | 179 +++++ contrib/libder/libder/libder.c | 119 +++ contrib/libder/libder/libder.h | 181 +++++ contrib/libder/libder/libder_error.c | 76 ++ contrib/libder/libder/libder_obj.3 | 138 ++++ contrib/libder/libder/libder_obj.c | 
1192 ++++++++++++++++++++++++++++ contrib/libder/libder/libder_private.h | 178 +++++ contrib/libder/libder/libder_read.3 | 101 +++ contrib/libder/libder/libder_read.c | 864 ++++++++++++++++++++ contrib/libder/libder/libder_type.3 | 71 ++ contrib/libder/libder/libder_type.c | 150 ++++ contrib/libder/libder/libder_write.3 | 54 ++ contrib/libder/libder/libder_write.c | 229 ++++++ contrib/libder/tests/.gitignore | 12 + contrib/libder/tests/CMakeLists.txt | 41 + contrib/libder/tests/fuzz_parallel.c | 111 +++ contrib/libder/tests/fuzz_stream.c | 246 ++++++ contrib/libder/tests/fuzz_write.c | 79 ++ contrib/libder/tests/fuzzers.h | 40 + contrib/libder/tests/make_corpus.c | 137 ++++ contrib/libder/tests/repo.priv | Bin 0 -> 64 bytes contrib/libder/tests/repo.pub | Bin 0 -> 88 bytes contrib/libder/tests/test_common.h | 29 + contrib/libder/tests/test_privkey.c | 175 ++++ contrib/libder/tests/test_pubkey.c | 143 ++++ 36 files changed, 4813 insertions(+) diff --git a/contrib/libder/.cirrus.yml b/contrib/libder/.cirrus.yml new file mode 100644 index 000000000000..a63de71d8bf4 --- /dev/null +++ b/contrib/libder/.cirrus.yml @@ -0,0 +1,16 @@ +build_task: + matrix: + - name: FreeBSD 13 + freebsd_instance: + image: freebsd-13-2-release-amd64 + - name: FreeBSD 14 + freebsd_instance: + image: freebsd-14-0-release-amd64-ufs + setup_script: + sudo pkg install -y cmake + configure_script: + - cmake -B build -DCMAKE_BUILD_TYPE=Debug + build_script: + make -C build + test_script: + make -C build check diff --git a/contrib/libder/.github/workflows/build.yml b/contrib/libder/.github/workflows/build.yml new file mode 100644 index 000000000000..a10daa25e38f --- /dev/null +++ b/contrib/libder/.github/workflows/build.yml 
@@ -0,0 +1,41 @@ +name: Build libder +on: + push: + branches: ['**'] + pull_request: + types: [opened, reopened, edited, synchronize] + +permissions: + contents: read + +jobs: + build: + name: Build ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-20.04, ubuntu-22.04, macos-latest] + include: + - os: ubuntu-20.04 + - os: ubuntu-22.04 + - os: macos-latest + steps: + - name: checkout + uses: actions/checkout@v4 + - name: install system packages (Ubuntu) + if: runner.os == 'Linux' + run: | + sudo apt-get update --quiet || true + sudo apt-get -yq --no-install-suggests --no-install-recommends install cmake + - name: install system packages (macOS) + if: runner.os == 'macOS' + run: | + brew update --quiet || true + brew install cmake coreutils + - name: configure + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Debug + - name: build libder + run: make -C build + - name: Run self-tests + run: make -C build check diff --git a/contrib/libder/.gitignore b/contrib/libder/.gitignore new file mode 100644 index 000000000000..34fb4e06c50b --- /dev/null +++ b/contrib/libder/.gitignore @@ -0,0 +1,11 @@ +.*.swp +.depend* +*.a +*.so +*.so.* +*.o +*.pico +*.debug +*.full + +build/ diff --git a/contrib/libder/CMakeLists.txt b/contrib/libder/CMakeLists.txt new file mode 100644 index 000000000000..cf0d39e32489 --- /dev/null +++ b/contrib/libder/CMakeLists.txt 
@@ -0,0 +1,28 @@ +cmake_minimum_required(VERSION 3.18) + +project(libder) + +if(CMAKE_BUILD_TYPE STREQUAL "Debug") + if(NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + add_compile_options(-fsanitize=address,undefined -fstrict-aliasing) + add_link_options(-fsanitize=address,undefined -fstrict-aliasing) + endif() + + add_compile_options(-Werror) +endif() + +# AppleClang is excluded for the time being; the version used in GitHub Action +# runners doesn't seem to have that part of libclang_rt installed, though the +# -fsanitize=fuzzer-no-link instrumentation seems to be fine. Maybe re-evaluate +# this for MATCHES as a possibility later. +if(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(BUILD_FUZZERS TRUE + CACHE BOOL "Build the libFuzzer fuzzers (needs llvm)") +else() + set(BUILD_FUZZERS FALSE + CACHE BOOL "Build the libFuzzer fuzzers (needs llvm)") +endif() + +add_subdirectory(libder) +add_subdirectory(derdump) +add_subdirectory(tests) diff --git a/contrib/libder/LICENSE b/contrib/libder/LICENSE new file mode 100644 index 000000000000..477af8f22e4c --- /dev/null +++ b/contrib/libder/LICENSE 
@@ -0,0 +1,22 @@ +Copyright (c) 2024 Kyle Evans + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/contrib/libder/README.md b/contrib/libder/README.md new file mode 100644 index 000000000000..9f700493520d --- /dev/null +++ b/contrib/libder/README.md 
@@ -0,0 +1,28 @@ +# libder + +## What is libder? + +libder is a small library for encoding/decoding DER-encoded objects. It is +expected to be able to decode any BER-encoded buffer, and an attempt to +re-encode the resulting tree would apply any normalization expected by a DER +decoder. The author's use is primarily to decode/encode ECC keys for +interoperability with OpenSSL. + +The authoritative source for this software is located at +https://git.kevans.dev/kevans/libder, but it's additionally mirrored to +[GitHub](https://github.com/kevans91/libder) for user-facing interactions. +Pull requests and issues are open on GitHub. + +## What is libder not? + +libder is not intended to be a general-purpose library for working with DER/BER +specified objects. It may provide some helpers for building more primitive +data types, but libder will quickly punt on anything even remotely complex and +require the library consumer to supply it as a type/payload/size triple that it +will treat as relatively opaque (modulo some encoding normalization rules that +can be applied without deeply understanding the data contained within). + +libder also doesn't do strict validation of what it reads in today, for better +or worse. e.g., a boolean may occupy more than one byte and libder will happily +present it to the application in that way. It would be normalized on +re-encoding to 0xff or 0x00 depending on whether any bits are set or not. diff --git a/contrib/libder/derdump/.gitignore b/contrib/libder/derdump/.gitignore new file mode 100644 index 000000000000..a35adcc4b71d --- /dev/null +++ b/contrib/libder/derdump/.gitignore @@ -0,0 +1 @@ +derdump diff --git a/contrib/libder/derdump/CMakeLists.txt b/contrib/libder/derdump/CMakeLists.txt new file mode 100644 index 000000000000..11657426fbc9 --- /dev/null +++ b/contrib/libder/derdump/CMakeLists.txt 
@@ -0,0 +1,6 @@ +file(GLOB derdump_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/*.c) + +add_executable(derdump ${derdump_SOURCES}) + +target_include_directories(derdump PRIVATE "${CMAKE_SOURCE_DIR}/libder") +target_link_libraries(derdump der_static) diff --git a/contrib/libder/derdump/derdump.1 b/contrib/libder/derdump/derdump.1 new file mode 100644 index 000000000000..414799f3055f --- /dev/null +++ b/contrib/libder/derdump/derdump.1 @@ -0,0 +1,51 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 4, 2024 +.Dt DERDUMP 1 +.Os +.Sh NAME +.Nm derdump +.Nd dumping contents of DER encoded files +.Sh SYNOPSIS +.Nm +.Ar file1 +.Oo Ar fileN ... Oc +.Sh DESCRIPTION +The +.Nm +utility dumps the contents of one or more DER encoded +Ar file +in a more human readable format. +This is similar to the +.Xr asn1parse 1 +utility distributed with OpenSSL when used with the +.Fl inform +.Ar DER +option. +.Pp +A representation of the object will be output to +.Em stdout , +with indentation to denote objects that are encoded within other constructed +objects. +Note that +.Nm +does not make much attempt to interpret the contents of any particular object. +If an object uses one of the universal types, then a friendly name will be +displayed for that object. +If an object uses any other type, then +.Nm +will display the raw hex value of the type used. +Values of primitive objects are output as raw hex, and no effort is made to +try and print a friendly representation. +.Sh SEE ALSO +.Xr asn1parse 1 , +.Xr libder 3 +.Sh BUGS +.Nm +does not currently make any attempt to render a type that uses the long encoded +format. +Instead, it will render as +.Dq { ... } . diff --git a/contrib/libder/derdump/derdump.c b/contrib/libder/derdump/derdump.c new file mode 100644 index 000000000000..7ea3768524d8 --- /dev/null +++ b/contrib/libder/derdump/derdump.c 
@@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include + +#include + +int +main(int argc, char *argv[]) +{ + FILE *fp; + struct libder_ctx *ctx; + struct libder_object *root; + size_t rootsz; + bool first = true; + + if (argc < 2) { + fprintf(stderr, "usage: %s file [file...]\n", argv[0]); + return (1); + } + + ctx = libder_open(); + libder_set_verbose(ctx, 2); + for (int i = 1; i < argc; i++) { + fp = fopen(argv[i], "rb"); + if (fp == NULL) { + warn("%s", argv[i]); + continue; + } + + if (!first) + fprintf(stderr, "\n"); + fprintf(stdout, "[%s]\n", argv[i]); + root = libder_read_file(ctx, fp, &rootsz); + if (root != NULL) { + libder_obj_dump(root, stdout); + libder_obj_free(root); + root = NULL; + } + + first = false; + fclose(fp); + } + + libder_close(ctx); + + return (0); +} diff --git a/contrib/libder/libder/CMakeLists.txt b/contrib/libder/libder/CMakeLists.txt new file mode 100644 index 000000000000..8e6f3426d649 --- /dev/null +++ b/contrib/libder/libder/CMakeLists.txt @@ -0,0 +1,12 @@ +file(GLOB libder_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/*.c) + +add_library(der SHARED ${libder_SOURCES}) +add_library(der_static STATIC ${libder_SOURCES}) + +if(BUILD_FUZZERS AND CMAKE_BUILD_TYPE STREQUAL "Debug") + target_compile_options(der PUBLIC -fsanitize=fuzzer-no-link) + target_link_options(der PUBLIC -fsanitize=fuzzer-no-link) + + target_compile_options(der_static PUBLIC -fsanitize=fuzzer-no-link) + target_link_options(der_static PUBLIC -fsanitize=fuzzer-no-link) +endif() diff --git a/contrib/libder/libder/libder.3 b/contrib/libder/libder/libder.3 new file mode 100644 index 000000000000..0e06254ef3fb --- /dev/null +++ b/contrib/libder/libder/libder.3 
@@ -0,0 +1,179 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER 3 +.Os +.Sh NAME +.Nm libder , +.Nm libder_open , +.Nm libder_close , +.Nm libder_abort , +.Nm libder_get_error , +.Nm libder_has_error , +.Nm libder_get_normalize , +.Nm libder_set_normalize , +.Nm libder_get_strict , +.Nm libder_set_strict , +.Nm libder_get_verbose , +.Nm libder_set_verbose +.Nd DER encoding and decoding library +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft struct libder_ctx * +.Fn libder_open "void" +.Ft void +.Fn libder_close "struct libder_ctx *ctx" +.Ft void +.Fn libder_abort "struct libder_ctx *ctx" +.Ft const char * +.Fn libder_get_error "struct libder_ctx *ctx" +.Ft bool +.Fn libder_has_error "struct libder_ctx *ctx" +.Ft uint64_t +.Fn libder_get_normalize "struct libder_ctx *ctx" +.Ft uint64_t +.Fn libder_set_normalize "struct libder_ctx *ctx" "uint64_t normalize" +.Ft bool +.Fn libder_get_strict "struct libder_ctx *ctx" +.Ft bool +.Fn libder_set_strict "struct libder_ctx *ctx" "bool strict" +.Ft int +.Fn libder_get_verbose "struct libder_ctx *ctx" +.Ft int +.Fn libder_set_verbose "struct libder_ctx *ctx" "int verbose" +.Sh DESCRIPTION +The +.Nm +library provides functionality for decoding BER and DER encoded data, and +DER encoding data subjected to constraints outline in ITU-T +Recommendation X.690. +.Nm +will apply relevant normalization rules on write, unless they've been disabled +with +.Ft libder_set_normalize , +under the assumption that it may not be reading strictly DER encoded data. +.Pp +Note that not all of the DER rules are currently implemented. +.Nm +will coalesce constructed types that DER specifies should be primitive. +.Nm +will primarily normalize bitstrings, booleans, and integers. +This library was primarily written to be able to provide interoperability with +OpenSSL keys and signatures, so the library was written with that in mind. 
+Eventually it is intended that +.Nm +will support the full set of rules, but currently some responsibility is left +to the library user. +.Pp +Also note that +.Nm +does not necessarily provide +.Dq neat +ways to construct primitives. +For example, even booleans and integers currently work just by providing a +buffer that is expected to be formatted in a sane fashion. +The library user is expected to build the object tree and generally provide the +object data in a format reasonably encoded as the data for that type should be, +then +.Nm +will provide the proper framing on write and do any transformations that may +need to be done for strict conformance. +.Pp +The +.Fn libder_open +function allocates a new +.Nm +context. +The context does not hold any state about any particular structure. +All of the state held in the context is generally described in this manpage. +The +.Fn libder_close +function will free the context. +.Pp +The +.Fn libder_abort +function will abort an in-progress +.Xr libder_read_fd 3 +operation on the existing +.Fa ctx +if it is interrupted by a signal in the middle of a +.Xr read 2 +syscall. +See +.Xr libder_read_fd 3 +for further discussion. +.Pp +The +.Fn libder_get_error +function will return an error string appropriate for the current error, if any. +The +.Fn libder_has_error +function can be used to check if an error was raised in a previous operation. +.Pp +The +.Fn libder_get_normalize +and +.Fn libder_set_normalize +functions retrieve and manipulate any number of flags that detail how +functions may be used to check or set the normalization flags given +.Nm context , +which dictates how +.Nm +will normalize data on write. 
+The following normalization flags may be specified: +.Bl -column "LIBDER_NORMALIZE_CONSTRUCTED" +.It LIBDER_NORMALIZE_CONSTRUCTED Ta Coalesce types that may be primitive or constructed +.It LIBDER_NORMALIZE_TAGS Ta Pack tags into the lowest possible encoded value +.El +.Pp +The +.Fn LIBDER_NORMALIZE_TYPE_FLAG "enum libder_ber_type" +macaro may also be used to specify normalization of the given universal type. +By default, every valid normalization flag is enabled. +.Pp +The +.Fn libder_get_strict +and +.Fn libder_set_strict +functions may used to check or set the strict read state of the given +.Nm +context. +By default, +.Nm +operates in strict mode and rejects various methods of expressing data that are +valid looking but not strictly conformant. +The +.Va LDE_STRICT_* +constants in +.In libder.h +describe the various scenarios that strict mode may reject. +.Pp +The +.Fn libder_get_verbose +and +.Fn libder_set_verbose +functions may be used to check or set the verbosity of the given +.Nm +context. +This primarily controls how +.Nm +behaves when an error is encountered. +By default, the library will silently set the error state and return. +With a verbosity level of 1, an error will be printed when the error state is +set that contains the string that would be returned by +.Fn libder_get_error . +With a verbosity level of 2, the filename and line within +.Nm +that the error occurred in will be printed, which is primarily intended for +debugging +.Nm . +.Sh SEE ALSO +.Xr libder_obj 3 , +.Xr libder_read 3 , +.Xr libder_type 3 , +.Xr libder_write 3 diff --git a/contrib/libder/libder/libder.c b/contrib/libder/libder/libder.c new file mode 100644 index 000000000000..2d52fedd62bd --- /dev/null +++ b/contrib/libder/libder/libder.c 
@@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include "libder_private.h" + +#include +#include + +/* + * Sets up the context, returns NULL on error. + */ +struct libder_ctx * +libder_open(void) +{ + struct libder_ctx *ctx; + + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) + return (NULL); + + /* Initialize */ + ctx->error = LDE_NONE; + ctx->buffer_size = 0; + ctx->verbose = 0; + ctx->normalize = LIBDER_NORMALIZE_ALL; + ctx->strict = true; + ctx->abort = 0; + + return (ctx); +} + +void +libder_abort(struct libder_ctx *ctx) +{ + + ctx->abort = 1; +} + +LIBDER_PRIVATE size_t +libder_get_buffer_size(struct libder_ctx *ctx) +{ + + if (ctx->buffer_size == 0) { + long psize; + + psize = sysconf(_SC_PAGESIZE); + if (psize <= 0) + psize = 4096; + + ctx->buffer_size = psize; + } + + return (ctx->buffer_size); +} + +uint64_t +libder_get_normalize(struct libder_ctx *ctx) +{ + + return (ctx->normalize); +} + +/* + * Set the normalization flags; returns the previous value. + */ +uint64_t +libder_set_normalize(struct libder_ctx *ctx, uint64_t nmask) +{ + uint64_t old = ctx->normalize; + + ctx->normalize = (nmask & LIBDER_NORMALIZE_ALL); + return (old); +} + +bool +libder_get_strict(struct libder_ctx *ctx) +{ + + return (ctx->strict); +} + +bool +libder_set_strict(struct libder_ctx *ctx, bool strict) +{ + bool oval = ctx->strict; + + ctx->strict = strict; + return (oval); +} + +int +libder_get_verbose(struct libder_ctx *ctx) +{ + + return (ctx->verbose); +} + +int +libder_set_verbose(struct libder_ctx *ctx, int verbose) +{ + int oval = ctx->verbose; + + ctx->verbose = verbose; + return (oval); +} + +void +libder_close(struct libder_ctx *ctx) +{ + + if (ctx == NULL) + return; + + free(ctx); +} + diff --git a/contrib/libder/libder/libder.h b/contrib/libder/libder/libder.h new file mode 100644 index 000000000000..4d28aa3052ba --- /dev/null +++ b/contrib/libder/libder/libder.h 
@@ -0,0 +1,181 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include +#include +#include +#include + +enum libder_ber_class { + BC_UNIVERSAL = 0, + BC_APPLICATION = 1, + BC_CONTEXT = 2, + BC_PRIVATE = 3, +}; + +enum libder_ber_type { + BT_RESERVED = 0x00, + BT_BOOLEAN = 0x01, + BT_INTEGER = 0x02, + BT_BITSTRING = 0x03, + BT_OCTETSTRING = 0x04, + BT_NULL = 0x05, + BT_OID = 0x06, + BT_OBJDESC = 0x07, + BT_EXTERNAL = 0x08, + BT_REAL = 0x09, + BT_ENUMERATED = 0x0a, + BT_PDV = 0x0b, + BT_UTF8STRING = 0x0c, + BT_RELOID = 0x0d, + + /* 0x10, 011 not usable */ + + BT_NUMERICSTRING = 0x012, + BT_STRING = 0x13, + BT_TELEXSTRING = 0x14, + BT_VIDEOTEXSTRING = 0x15, + BT_IA5STRING = 0x16, + BT_UTCTIME = 0x17, + BT_GENTIME = 0x18, + BT_GFXSTRING = 0x19, + BT_VISSTRING = 0x1a, + BT_GENSTRING = 0x1b, + BT_UNIVSTRING = 0x1c, + BT_CHARSTRING = 0x1d, + BT_BMPSTRING = 0x1e, + + BT_SEQUENCE = 0x30, + BT_SET = 0x31, +}; + +#define BER_TYPE_CONSTRUCTED_MASK 0x20 /* Bit 6 */ +#define BER_TYPE_CLASS_MASK 0xc0 /* Bits 7 and 8 */ + +/* + * The difference between the type and the full type is just that the full type + * will indicate the class of type, so it may be more useful for some operations. 
+ */ +#define BER_FULL_TYPE(tval) \ + ((tval) & ~(BER_TYPE_CONSTRUCTED_MASK)) +#define BER_TYPE(tval) \ + ((tval) & ~(BER_TYPE_CLASS_MASK | BER_TYPE_CONSTRUCTED_MASK)) +#define BER_TYPE_CLASS(tval) \ + (((tval) & BER_TYPE_CLASS_MASK) >> 6) +#define BER_TYPE_CONSTRUCTED(tval) \ + (((tval) & BER_TYPE_CONSTRUCTED_MASK) != 0) + +enum libder_error { + LDE_NONE = 0x00, + LDE_NOMEM, /* Out of memory */ + LDE_INVAL, /* Invalid parameter */ + LDE_SHORTHDR, /* Header too short */ + LDE_BADVARLEN, /* Bad variable length encoding */ + LDE_LONGLEN, /* Encoded length too large (8 byte max) */ + LDE_SHORTDATA, /* Payload not available */ + LDE_GARBAGE, /* Garbage after encoded data */ + LDE_STREAMERR, /* Stream error */ + LDE_TRUNCVARLEN, /* Variable length object truncated */ + LDE_COALESCE_BADCHILD, /* Bad child encountered when coalescing */ + LDE_BADOBJECT, /* Payload not valid for object type */ + + /* Strict violations */ + LDE_STRICT_EOC, /* Strict: end-of-content violation */ + LDE_STRICT_TAG, /* Strict: tag violation */ + LDE_STRICT_PVARLEN, /* Strict: primitive using indefinite length */ + LDE_STRICT_BOOLEAN, /* Strict: boolean encoded incorrectly */ + LDE_STRICT_NULL, /* Strict: null encoded incorrectly */ + LDE_STRICT_PRIMITIVE, /* Strict: type must be primitive */ + LDE_STRICT_CONSTRUCTED, /* Strict: type must be constructed */ + LDE_STRICT_BITSTRING, /* Strict: malformed constructed bitstring */ +}; + +struct libder_ctx; +struct libder_tag; +struct libder_object; + +/* + * By default we normalize everything, but we allow some subset of the + * functionality to be disabled. Lengths are non-optional and will always be + * normalized to a fixed short or long length. The upper 32-bits of + * ctx->normalize are reserved for universal types so that we can quickly map + * those without assigning them names. + */ + +/* Normalize constructed types that should be coalesced (e.g., strings, time). 
*/ +#define LIBDER_NORMALIZE_CONSTRUCTED 0x0000000000000001ULL + +/* + * Normalize tags on read. This is mostly a measure to ensure that + * normalization on write doesn't get thwarted; there's no reason anybody should + * be encoding low tags with the long form, but the spec doesn't appear to + * forbid it. + */ +#define LIBDER_NORMALIZE_TAGS 0x0000000000000002ULL + +/* Universal types (reserved) */ +#define LIBDER_NORMALIZE_TYPE_MASK 0xffffffff00000000ULL +#define LIBDER_NORMALIZE_TYPE_FLAG(val) ((1ULL << val) << 32ULL) + +/* All valid bits. */ +#define LIBDER_NORMALIZE_ALL \ + (LIBDER_NORMALIZE_TYPE_MASK | LIBDER_NORMALIZE_CONSTRUCTED | \ + LIBDER_NORMALIZE_TAGS) + +struct libder_ctx * libder_open(void); +void libder_close(struct libder_ctx *); +void libder_abort(struct libder_ctx *); +const char *libder_get_error(struct libder_ctx *); +bool libder_has_error(struct libder_ctx *); +uint64_t libder_get_normalize(struct libder_ctx *); +uint64_t libder_set_normalize(struct libder_ctx *, uint64_t); +bool libder_get_strict(struct libder_ctx *); +bool libder_set_strict(struct libder_ctx *, bool); +int libder_get_verbose(struct libder_ctx *); +int libder_set_verbose(struct libder_ctx *, int); + +struct libder_object *libder_read(struct libder_ctx *, const uint8_t *, size_t *); +struct libder_object *libder_read_fd(struct libder_ctx *, int, size_t *); +struct libder_object *libder_read_file(struct libder_ctx *, FILE *, size_t *); + +uint8_t *libder_write(struct libder_ctx *, struct libder_object *, uint8_t *, + size_t *); + +#define DER_CHILDREN(obj) libder_obj_children(obj) +#define DER_NEXT(obj) libder_obj_next(obj) + +#define DER_FOREACH_CHILD(var, obj) \ + for ((var) = DER_CHILDREN((obj)); \ + (var); \ + (var) = DER_NEXT((var))) +#define DER_FOREACH_CHILD_SAFE(var, obj, tvar) \ + for ((var) = DER_CHILDREN((obj)); \ + (var) && ((tvar) = DER_NEXT((var)), 1); \ + (var) = (tvar)) + +struct libder_object *libder_obj_alloc(struct libder_ctx *, struct libder_tag *, const 
uint8_t *, size_t); +struct libder_object *libder_obj_alloc_simple(struct libder_ctx *, uint8_t, const uint8_t *, + size_t); +void libder_obj_free(struct libder_object *); + +bool libder_obj_append(struct libder_object *, struct libder_object *); +struct libder_object *libder_obj_child(const struct libder_object *, size_t); +struct libder_object *libder_obj_children(const struct libder_object *); +struct libder_object *libder_obj_next(const struct libder_object *); +struct libder_tag *libder_obj_type(const struct libder_object *); +uint8_t libder_obj_type_simple(const struct libder_object *); +const uint8_t *libder_obj_data(const struct libder_object *, size_t *); + +/* Debugging aide -- probably shouldn't use. */ +void libder_obj_dump(const struct libder_object *, FILE *); + +struct libder_tag *libder_type_alloc_simple(struct libder_ctx *, uint8_t); +struct libder_tag *libder_type_dup(struct libder_ctx *, const struct libder_tag *); +void libder_type_free(struct libder_tag *); +#define libder_type_simple libder_type_simple_abi +uint8_t libder_type_simple(const struct libder_tag *); diff --git a/contrib/libder/libder/libder_error.c b/contrib/libder/libder/libder_error.c new file mode 100644 index 000000000000..6ca0acc83e6d --- /dev/null +++ b/contrib/libder/libder/libder_error.c 
@@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include "libder_private.h" + +#undef libder_set_error + +static const char libder_error_nodesc[] = "[Description not available]"; + +#define DESCRIBE(err, msg) { LDE_ ## err, msg } +static const struct libder_error_desc { + enum libder_error desc_error; + const char *desc_str; +} libder_error_descr[] = { + DESCRIBE(NONE, "No error"), + DESCRIBE(NOMEM, "Out of memory"), + DESCRIBE(INVAL, "Invalid parameter"), + DESCRIBE(SHORTHDR, "Header too short"), + DESCRIBE(BADVARLEN, "Bad variable length encoding"), + DESCRIBE(LONGLEN, "Encoded length too large (8 byte max)"), + DESCRIBE(SHORTDATA, "Payload not available (too short)"), + DESCRIBE(GARBAGE, "Garbage after encoded data"), + DESCRIBE(STREAMERR, "Stream error"), + DESCRIBE(TRUNCVARLEN, "Variable length object truncated"), + DESCRIBE(COALESCE_BADCHILD, "Bad child encountered when coalescing"), + DESCRIBE(BADOBJECT, "Payload not valid for object type"), + DESCRIBE(STRICT_EOC, "Strict: end-of-content violation"), + DESCRIBE(STRICT_TAG, "Strict: tag violation"), + DESCRIBE(STRICT_PVARLEN, "Strict: primitive using indefinite length"), + DESCRIBE(STRICT_BOOLEAN, "Strict: boolean encoded incorrectly"), + DESCRIBE(STRICT_NULL, "Strict: null encoded incorrectly"), + DESCRIBE(STRICT_PRIMITIVE, "Strict: type must be primitive"), + DESCRIBE(STRICT_CONSTRUCTED, "Strict: type must be constructed"), + DESCRIBE(STRICT_BITSTRING, "Strict: malformed constructed bitstring"), +}; + +const char * +libder_get_error(struct libder_ctx *ctx) +{ + const struct libder_error_desc *desc; + + for (size_t i = 0; i < nitems(libder_error_descr); i++) { + desc = &libder_error_descr[i]; + + if (desc->desc_error == ctx->error) + return (desc->desc_str); + } + + return (libder_error_nodesc); +} + +bool +libder_has_error(struct libder_ctx *ctx) +{ + + return (ctx->error != 0); +} + +LIBDER_PRIVATE void +libder_set_error(struct 
libder_ctx *ctx, int error, const char *file, int line) +{ + ctx->error = error; + + if (ctx->verbose >= 2) { + fprintf(stderr, "%s: [%s:%d]: %s (error %d)\n", + __func__, file, line, libder_get_error(ctx), error); + } else if (ctx->verbose >= 1) { + fprintf(stderr, "%s: %s (error %d)\n", __func__, + libder_get_error(ctx), error); + } +} diff --git a/contrib/libder/libder/libder_obj.3 b/contrib/libder/libder/libder_obj.3 new file mode 100644 index 000000000000..d7e51da1d2fb --- /dev/null +++ b/contrib/libder/libder/libder_obj.3 
@@ -0,0 +1,138 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER_OBJ 3 +.Os +.Sh NAME +.Nm libder_obj , +.Nm libder_obj_alloc , +.Nm libder_obj_alloc_simple , *** 4094 LINES SKIPPED ***
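Review bot: In libder.3, the paragraph for libder_get_normalize and libder_set_normalize has two sentence drafts spliced together ("functions retrieve and manipulate any number of flags that detail how functions may be used to check or set the normalization flags given"), and ".Nm context ," passes "context" to .Nm as the name argument instead of rendering the library name followed by the word "context". Keep one wording and put .Nm on its own line, as the strict and verbose paragraphs do. Two typos a few lines further down also need fixing: "macaro" and "functions may used".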
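Review bot: In libder.c, libder_set_normalize() silently drops every bit outside LIBDER_NORMALIZE_ALL ("ctx->normalize = (nmask & LIBDER_NORMALIZE_ALL);"), so a caller that passes an undefined flag gets no indication that the request was altered. Either raise LDE_INVAL for unknown bits or state the masking in libder.3. The manual text visible in this patch also does not say that the normalize, strict and verbose setters return the previous value, which is worth one sentence each.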
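Review bot: In libder.h, LIBDER_NORMALIZE_TYPE_FLAG(val) expands to "((1ULL << val) << 32ULL)" with no parentheses around val and no range limit. An expression argument can mis-associate, and any value of 32 or more falls outside the 64-bit mask: BT_SEQUENCE (0x30) and BT_SET (0x31), as defined in the enum in this same hunk, both yield 0, so asking for normalization of those types sets no flag at all. Parenthesize the argument and reduce it to the 5-bit type number, for example with BER_TYPE(), or document that the constructed bit must be stripped before the macro is used. Smaller nits in the same hunk: BT_NUMERICSTRING is written 0x012, and the comment "0x10, 011 not usable" presumably means 0x11.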
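Review bot: In libder_error.c, libder_set_error() prints __func__ in both verbose messages, which is always "libder_set_error" and says nothing about where the error was raised; only verbosity 2 adds the caller's file and line. Consider passing the caller's function name alongside file and line, or dropping the prefix. libder_has_error() would also read better comparing against LDE_NONE than against a bare 0, and the descriptor table has to be kept in step with enum libder_error by hand, so a compile-time size check would catch a missed entry.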
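Review bot: The header comment of libder_obj.3 uses the tag "SPDX-Copyright-Identifier", while libder.c, libder.h and libder_error.c in this same patch use "SPDX-License-Identifier". The former is not a tag the SPDX specification defines, so licence tooling will not pick up the BSD-2-Clause declaration for this file; it should be corrected here and upstream.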
Date: Sat, 11 Jan 2025 02:48:41 GMT Message-Id: <202501110248.50B2mfX9065961@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 98b689134b69 - stable/13 - lib: hook libder up to the build List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 98b689134b696023b35197479f1fe553e22087ff Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=98b689134b696023b35197479f1fe553e22087ff commit 98b689134b696023b35197479f1fe553e22087ff Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:28 +0000 lib: hook libder up to the build libder will be used in upcoming ECC support in the pkg(7) bootstrap to read DER-encoded keys and signatures. (cherry picked from commit f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2) --- lib/Makefile | 1 + lib/libder/Makefile | 13 +++++++++++++ share/mk/src.libnames.mk | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/lib/Makefile b/lib/Makefile index 49a57d619fb9..cbc38fceb2c7 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -16,6 +16,7 @@ SUBDIR_BOOTSTRAP= \ ${_libclang_rt} \ ${_libcplusplus} \ ${_libcxxrt} \ + libder \ libelf \ libssp \ libssp_nonshared \ diff --git a/lib/libder/Makefile b/lib/libder/Makefile new file mode 100644 index 000000000000..bdd2225f0ff3 --- /dev/null +++ b/lib/libder/Makefile @@ -0,0 +1,13 @@ + +LIB= der +INTERNALLIB= + +.PATH: ${SRCTOP}/contrib/libder/libder +SRCS+= libder.c \ + libder_error.c \ + libder_obj.c \ + libder_read.c \ + libder_type.c \ + libder_write.c + +.include 
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index 0a2dd0a758bc..c372614037c7 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -42,6 +42,7 @@ _INTERNALLIBS= \ bsnmptools \ c_nossp_pic \ cron \ + der \ elftc \ fifolog \ ifconfig \ 
@@ -572,6 +573,9 @@ LIBTELNET?= ${LIBTELNETDIR}/libtelnet${PIE_SUFFIX}.a LIBCRONDIR= ${_LIB_OBJTOP}/usr.sbin/cron/lib LIBCRON?= ${LIBCRONDIR}/libcron${PIE_SUFFIX}.a +LIBDERDIR= ${_LIB_OBJTOP}/lib/libder +LIBDER?= ${LIBDERDIR}/libder${PIE_SUFFIX}.a + LIBNTPDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntp LIBNTP?= ${LIBNTPDIR}/libntp${PIE_SUFFIX}.a
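Review bot: In lib/Makefile, libder is added to the SUBDIR_BOOTSTRAP list rather than the regular SUBDIR list, but the commit message only says that the pkg(7) bootstrap will use it. Name the consumer that needs libder built ahead of the other libraries, in a comment or in the commit message, so the ordering requirement is clear to whoever touches this list next.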
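Review bot: The new lib/libder/Makefile lists only the six library sources and hooks up no tests, even though the commit message says libder will read DER-encoded keys and signatures in the pkg(7) bootstrap, that is, input parsed before it has been verified. If the contrib import ships tests or fuzz targets, connect them to the build alongside the library. The file also begins with an empty line that can be dropped.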
Date: Sat, 11 Jan 2025 02:48:37 GMT Message-Id: <202501110248.50B2mb0X065751@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 539736e08ccf - stable/14 - Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c' List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 539736e08ccf6c71f5dbb506cb7849252c4bb6f2 Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=539736e08ccf6c71f5dbb506cb7849252c4bb6f2 commit 539736e08ccf6c71f5dbb506cb7849252c4bb6f2 Author: Kyle Evans AuthorDate: 2025-01-01 21:11:18 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:23 +0000 Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c' git-subtree-dir: crypto/libecc git-subtree-mainline: f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2 git-subtree-split: 736d663976d1768533badbf06581481d01fade4c (cherry picked from commit f0865ec9906d5a18fa2a3b61381f22ce16e606ad) --- crypto/libecc/.github/workflows/libecc_cifuzz.yml | 26 + .../.github/workflows/libecc_compilation_tests.yml | 57 + .../.github/workflows/libecc_crossarch_tests.yml | 55 + .../libecc/.github/workflows/libecc_examples.yml | 39 + .../.github/workflows/libecc_meson_build.yml | 37 + .../.github/workflows/libecc_python_tests.yml | 43 + .../.github/workflows/libecc_runtime_tests.yml | 39 + crypto/libecc/.gitignore | 4 + crypto/libecc/.travis.yml | 287 + crypto/libecc/LICENSE | 50 + crypto/libecc/Makefile | 175 + crypto/libecc/README.md | 1345 + crypto/libecc/build/.gitignore | 3 + crypto/libecc/common.mk | 349 + crypto/libecc/include/libecc/curves/aff_pt.h | 136 + 
crypto/libecc/include/libecc/curves/curves.h | 31 + crypto/libecc/include/libecc/curves/curves_list.h | 248 + crypto/libecc/include/libecc/curves/ec_edwards.h | 39 + .../libecc/include/libecc/curves/ec_montgomery.h | 34 + crypto/libecc/include/libecc/curves/ec_params.h | 91 + crypto/libecc/include/libecc/curves/ec_shortw.h | 45 + .../libecc/curves/known/ec_params_bign256v1.h | 315 + .../libecc/curves/known/ec_params_bign384v1.h | 337 + .../libecc/curves/known/ec_params_bign512v1.h | 359 + .../curves/known/ec_params_brainpoolp192r1.h | 334 + .../curves/known/ec_params_brainpoolp192t1.h | 316 + .../curves/known/ec_params_brainpoolp224r1.h | 295 + .../curves/known/ec_params_brainpoolp224t1.h | 333 + .../curves/known/ec_params_brainpoolp256r1.h | 227 + .../curves/known/ec_params_brainpoolp256t1.h | 333 + .../curves/known/ec_params_brainpoolp320r1.h | 350 + .../curves/known/ec_params_brainpoolp320t1.h | 350 + .../curves/known/ec_params_brainpoolp384r1.h | 265 + .../curves/known/ec_params_brainpoolp384t1.h | 367 + .../curves/known/ec_params_brainpoolp512r1.h | 276 + .../curves/known/ec_params_brainpoolp512t1.h | 401 + .../libecc/curves/known/ec_params_external.h | 104 + .../libecc/curves/known/ec_params_frp256v1.h | 233 + .../libecc/curves/known/ec_params_gost256.h | 233 + .../libecc/curves/known/ec_params_gost512.h | 286 + ...c_params_gost_R3410_2001_CryptoPro_A_ParamSet.h | 315 + ...c_params_gost_R3410_2001_CryptoPro_B_ParamSet.h | 324 + ...c_params_gost_R3410_2001_CryptoPro_C_ParamSet.h | 333 + ...arams_gost_R3410_2001_CryptoPro_XchA_ParamSet.h | 315 + ...arams_gost_R3410_2001_CryptoPro_XchB_ParamSet.h | 333 + .../known/ec_params_gost_R3410_2001_TestParamSet.h | 324 + .../ec_params_gost_R3410_2012_256_paramSetA.h | 316 + .../ec_params_gost_R3410_2012_256_paramSetB.h | 315 + .../ec_params_gost_R3410_2012_256_paramSetC.h | 324 + .../ec_params_gost_R3410_2012_256_paramSetD.h | 333 + .../ec_params_gost_R3410_2012_512_paramSetA.h | 359 + 
.../ec_params_gost_R3410_2012_512_paramSetB.h | 380 + .../ec_params_gost_R3410_2012_512_paramSetC.h | 359 + .../ec_params_gost_R3410_2012_512_paramSetTest.h | 401 + .../libecc/curves/known/ec_params_secp192k1.h | 307 + .../libecc/curves/known/ec_params_secp192r1.h | 312 + .../libecc/curves/known/ec_params_secp224k1.h | 320 + .../libecc/curves/known/ec_params_secp224r1.h | 279 + .../libecc/curves/known/ec_params_secp256k1.h | 318 + .../libecc/curves/known/ec_params_secp256r1.h | 227 + .../libecc/curves/known/ec_params_secp384r1.h | 250 + .../libecc/curves/known/ec_params_secp521r1.h | 327 + .../libecc/curves/known/ec_params_sm2p192test.h | 326 + .../libecc/curves/known/ec_params_sm2p256test.h | 349 + .../libecc/curves/known/ec_params_sm2p256v1.h | 350 + .../libecc/curves/known/ec_params_wei25519.h | 334 + .../include/libecc/curves/known/ec_params_wei448.h | 391 + crypto/libecc/include/libecc/curves/prj_pt.h | 88 + crypto/libecc/include/libecc/ecdh/ecccdh.h | 63 + crypto/libecc/include/libecc/ecdh/ecdh.h | 21 + crypto/libecc/include/libecc/ecdh/x25519_448.h | 62 + crypto/libecc/include/libecc/external_deps/print.h | 34 + crypto/libecc/include/libecc/external_deps/rand.h | 22 + crypto/libecc/include/libecc/external_deps/time.h | 23 + crypto/libecc/include/libecc/fp/fp.h | 98 + crypto/libecc/include/libecc/fp/fp_add.h | 26 + crypto/libecc/include/libecc/fp/fp_config.h | 25 + crypto/libecc/include/libecc/fp/fp_montgomery.h | 30 + crypto/libecc/include/libecc/fp/fp_mul.h | 26 + crypto/libecc/include/libecc/fp/fp_mul_redc1.h | 25 + crypto/libecc/include/libecc/fp/fp_pow.h | 22 + crypto/libecc/include/libecc/fp/fp_rand.h | 22 + crypto/libecc/include/libecc/fp/fp_sqrt.h | 25 + crypto/libecc/include/libecc/hash/bash.h | 162 + crypto/libecc/include/libecc/hash/bash224.h | 64 + crypto/libecc/include/libecc/hash/bash256.h | 64 + crypto/libecc/include/libecc/hash/bash384.h | 64 + crypto/libecc/include/libecc/hash/bash512.h | 64 + crypto/libecc/include/libecc/hash/belt-hash.h | 
164 + crypto/libecc/include/libecc/hash/hash_algs.h | 554 + crypto/libecc/include/libecc/hash/hmac.h | 38 + crypto/libecc/include/libecc/hash/keccak.h | 112 + crypto/libecc/include/libecc/hash/ripemd160.h | 73 + crypto/libecc/include/libecc/hash/sha2.h | 219 + crypto/libecc/include/libecc/hash/sha224.h | 79 + crypto/libecc/include/libecc/hash/sha256.h | 79 + crypto/libecc/include/libecc/hash/sha3-224.h | 69 + crypto/libecc/include/libecc/hash/sha3-256.h | 69 + crypto/libecc/include/libecc/hash/sha3-384.h | 69 + crypto/libecc/include/libecc/hash/sha3-512.h | 69 + crypto/libecc/include/libecc/hash/sha3.h | 46 + crypto/libecc/include/libecc/hash/sha384.h | 79 + crypto/libecc/include/libecc/hash/sha512-224.h | 71 + crypto/libecc/include/libecc/hash/sha512-256.h | 71 + crypto/libecc/include/libecc/hash/sha512.h | 71 + crypto/libecc/include/libecc/hash/sha512_core.h | 46 + crypto/libecc/include/libecc/hash/shake.h | 41 + crypto/libecc/include/libecc/hash/shake256.h | 68 + crypto/libecc/include/libecc/hash/sm3.h | 73 + crypto/libecc/include/libecc/hash/streebog.h | 1301 + crypto/libecc/include/libecc/hash/streebog256.h | 65 + crypto/libecc/include/libecc/hash/streebog512.h | 65 + crypto/libecc/include/libecc/lib_ecc_config.h | 134 + crypto/libecc/include/libecc/lib_ecc_types.h | 288 + crypto/libecc/include/libecc/libarith.h | 41 + crypto/libecc/include/libecc/libec.h | 30 + crypto/libecc/include/libecc/libsig.h | 37 + crypto/libecc/include/libecc/meson.build | 156 + crypto/libecc/include/libecc/nn/nn.h | 96 + crypto/libecc/include/libecc/nn/nn_add.h | 32 + crypto/libecc/include/libecc/nn/nn_config.h | 220 + crypto/libecc/include/libecc/nn/nn_div.h | 43 + crypto/libecc/include/libecc/nn/nn_div_public.h | 30 + crypto/libecc/include/libecc/nn/nn_logical.h | 34 + crypto/libecc/include/libecc/nn/nn_mod_pow.h | 23 + crypto/libecc/include/libecc/nn/nn_modinv.h | 26 + crypto/libecc/include/libecc/nn/nn_mul.h | 29 + crypto/libecc/include/libecc/nn/nn_mul_public.h | 24 + 
crypto/libecc/include/libecc/nn/nn_mul_redc1.h | 26 + crypto/libecc/include/libecc/nn/nn_rand.h | 24 + crypto/libecc/include/libecc/sig/bign.h | 40 + crypto/libecc/include/libecc/sig/bign_common.h | 101 + crypto/libecc/include/libecc/sig/bip0340.h | 73 + crypto/libecc/include/libecc/sig/dbign.h | 40 + crypto/libecc/include/libecc/sig/decdsa.h | 48 + crypto/libecc/include/libecc/sig/ec_key.h | 224 + crypto/libecc/include/libecc/sig/ecdsa.h | 48 + crypto/libecc/include/libecc/sig/ecdsa_common.h | 88 + crypto/libecc/include/libecc/sig/ecfsdsa.h | 94 + crypto/libecc/include/libecc/sig/ecgdsa.h | 85 + crypto/libecc/include/libecc/sig/eckcdsa.h | 84 + crypto/libecc/include/libecc/sig/ecosdsa.h | 69 + crypto/libecc/include/libecc/sig/ecrdsa.h | 85 + crypto/libecc/include/libecc/sig/ecsdsa.h | 81 + crypto/libecc/include/libecc/sig/ecsdsa_common.h | 51 + crypto/libecc/include/libecc/sig/eddsa.h | 134 + crypto/libecc/include/libecc/sig/fuzzing_ecdsa.h | 28 + crypto/libecc/include/libecc/sig/fuzzing_ecgdsa.h | 28 + crypto/libecc/include/libecc/sig/fuzzing_ecrdsa.h | 28 + crypto/libecc/include/libecc/sig/sig_algs.h | 113 + .../libecc/include/libecc/sig/sig_algs_internal.h | 650 + crypto/libecc/include/libecc/sig/sm2.h | 83 + crypto/libecc/include/libecc/utils/dbg_sig.h | 61 + crypto/libecc/include/libecc/utils/print_buf.h | 18 + crypto/libecc/include/libecc/utils/print_curves.h | 28 + crypto/libecc/include/libecc/utils/print_fp.h | 28 + crypto/libecc/include/libecc/utils/print_keys.h | 26 + crypto/libecc/include/libecc/utils/print_nn.h | 24 + crypto/libecc/include/libecc/utils/utils.h | 196 + crypto/libecc/include/libecc/utils/utils_rand.h | 22 + crypto/libecc/include/libecc/words/types.h | 163 + crypto/libecc/include/libecc/words/words.h | 129 + crypto/libecc/include/libecc/words/words_16.h | 73 + crypto/libecc/include/libecc/words/words_32.h | 73 + crypto/libecc/include/libecc/words/words_64.h | 74 + crypto/libecc/meson.build | 282 + crypto/libecc/meson.options | 127 + 
crypto/libecc/scripts/crossbuild.sh | 315 + crypto/libecc/scripts/crossrun.sh | 124 + crypto/libecc/scripts/expand_libecc.py | 1956 + crypto/libecc/scripts/gen_curves_tests.sh | 89 + crypto/libecc/scripts/gen_openssl_curves_tests.sh | 52 + crypto/libecc/scripts/sha3.py | 115 + crypto/libecc/scripts/test_ec_utils.sh | 82 + crypto/libecc/src/arithmetic_tests/Makefile | 26 + .../libecc/src/arithmetic_tests/arithmetic_tests.c | 1233 + .../arithmetic_tests/arithmetic_tests_generator.py | 2009 + crypto/libecc/src/curves/aff_pt.c | 346 + crypto/libecc/src/curves/aff_pt_edwards.c | 855 + crypto/libecc/src/curves/aff_pt_montgomery.c | 579 + crypto/libecc/src/curves/curves.c | 256 + crypto/libecc/src/curves/ec_edwards.c | 79 + crypto/libecc/src/curves/ec_montgomery.c | 85 + crypto/libecc/src/curves/ec_params.c | 194 + crypto/libecc/src/curves/ec_shortw.c | 107 + crypto/libecc/src/curves/meson.build | 11 + crypto/libecc/src/curves/prj_pt.c | 2113 + crypto/libecc/src/ecdh/ecccdh.c | 242 + crypto/libecc/src/ecdh/meson.build | 4 + crypto/libecc/src/ecdh/x25519_448.c | 435 + crypto/libecc/src/examples/Makefile | 50 + crypto/libecc/src/examples/basic/Makefile | 43 + .../src/examples/basic/curve_basic_examples.c | 401 + crypto/libecc/src/examples/basic/curve_ecdh.c | 284 + .../libecc/src/examples/basic/fp_square_residue.c | 131 + crypto/libecc/src/examples/basic/nn_miller_rabin.c | 223 + crypto/libecc/src/examples/basic/nn_pollard_rho.c | 259 + crypto/libecc/src/examples/hash/Makefile | 37 + crypto/libecc/src/examples/hash/gostr34_11_94.c | 631 + crypto/libecc/src/examples/hash/gostr34_11_94.h | 193 + crypto/libecc/src/examples/hash/hash.c | 510 + crypto/libecc/src/examples/hash/hash.h | 106 + crypto/libecc/src/examples/hash/md2.c | 228 + crypto/libecc/src/examples/hash/md2.h | 63 + crypto/libecc/src/examples/hash/md4.c | 264 + crypto/libecc/src/examples/hash/md4.h | 136 + crypto/libecc/src/examples/hash/md5.c | 265 + crypto/libecc/src/examples/hash/md5.h | 137 + 
crypto/libecc/src/examples/hash/mdc2.c | 305 + crypto/libecc/src/examples/hash/mdc2.h | 102 + crypto/libecc/src/examples/hash/sha0.c | 264 + crypto/libecc/src/examples/hash/sha0.h | 135 + crypto/libecc/src/examples/hash/sha1.c | 264 + crypto/libecc/src/examples/hash/sha1.h | 135 + crypto/libecc/src/examples/hash/tdes.c | 492 + crypto/libecc/src/examples/hash/tdes.h | 77 + crypto/libecc/src/examples/sig/Makefile | 52 + crypto/libecc/src/examples/sig/common/common.h | 248 + crypto/libecc/src/examples/sig/dsa/Makefile | 34 + crypto/libecc/src/examples/sig/dsa/dsa.c | 555 + crypto/libecc/src/examples/sig/dsa/dsa.h | 75 + .../libecc/src/examples/sig/gostr34_10_94/Makefile | 34 + .../src/examples/sig/gostr34_10_94/gostr34_10_94.c | 521 + .../src/examples/sig/gostr34_10_94/gostr34_10_94.h | 72 + crypto/libecc/src/examples/sig/kcdsa/Makefile | 37 + crypto/libecc/src/examples/sig/kcdsa/kcdsa.c | 759 + crypto/libecc/src/examples/sig/kcdsa/kcdsa.h | 72 + crypto/libecc/src/examples/sig/rsa/Makefile | 36 + crypto/libecc/src/examples/sig/rsa/rsa.c | 2057 + crypto/libecc/src/examples/sig/rsa/rsa.h | 187 + .../libecc/src/examples/sig/rsa/rsa_pkcs1_tests.h | 111724 +++ crypto/libecc/src/examples/sig/rsa/rsa_tests.h | 215 + crypto/libecc/src/examples/sig/sdsa/Makefile | 34 + crypto/libecc/src/examples/sig/sdsa/sdsa.c | 467 + crypto/libecc/src/examples/sig/sdsa/sdsa.h | 72 + crypto/libecc/src/examples/sss/Makefile | 44 + crypto/libecc/src/examples/sss/sss.c | 772 + crypto/libecc/src/examples/sss/sss.h | 98 + crypto/libecc/src/examples/sss/sss_private.h | 30 + crypto/libecc/src/external_deps/meson.build | 5 + crypto/libecc/src/external_deps/print.c | 31 + crypto/libecc/src/external_deps/rand.c | 121 + crypto/libecc/src/external_deps/time.c | 72 + crypto/libecc/src/fp/fp.c | 470 + crypto/libecc/src/fp/fp_add.c | 140 + crypto/libecc/src/fp/fp_montgomery.c | 91 + crypto/libecc/src/fp/fp_mul.c | 138 + crypto/libecc/src/fp/fp_mul_redc1.c | 112 + crypto/libecc/src/fp/fp_pow.c | 79 + 
crypto/libecc/src/fp/fp_rand.c | 34 + crypto/libecc/src/fp/fp_sqrt.c | 281 + crypto/libecc/src/fp/meson.build | 10 + crypto/libecc/src/hash/bash.c | 138 + crypto/libecc/src/hash/bash224.c | 110 + crypto/libecc/src/hash/bash256.c | 110 + crypto/libecc/src/hash/bash384.c | 114 + crypto/libecc/src/hash/bash512.c | 110 + crypto/libecc/src/hash/belt-hash.c | 471 + crypto/libecc/src/hash/hash_algs.c | 429 + crypto/libecc/src/hash/hmac.c | 185 + crypto/libecc/src/hash/meson.build | 27 + crypto/libecc/src/hash/ripemd160.c | 348 + crypto/libecc/src/hash/sha224.c | 250 + crypto/libecc/src/hash/sha256.c | 241 + crypto/libecc/src/hash/sha3-224.c | 115 + crypto/libecc/src/hash/sha3-256.c | 115 + crypto/libecc/src/hash/sha3-384.c | 119 + crypto/libecc/src/hash/sha3-512.c | 115 + crypto/libecc/src/hash/sha3.c | 116 + crypto/libecc/src/hash/sha384.c | 255 + crypto/libecc/src/hash/sha512-224.c | 124 + crypto/libecc/src/hash/sha512-256.c | 124 + crypto/libecc/src/hash/sha512.c | 125 + crypto/libecc/src/hash/sha512_core.c | 189 + crypto/libecc/src/hash/shake.c | 103 + crypto/libecc/src/hash/shake256.c | 96 + crypto/libecc/src/hash/sm3.c | 360 + crypto/libecc/src/hash/streebog.c | 344 + crypto/libecc/src/nn/meson.build | 11 + crypto/libecc/src/nn/nn.c | 608 + crypto/libecc/src/nn/nn_add.c | 613 + crypto/libecc/src/nn/nn_div.c | 1271 + crypto/libecc/src/nn/nn_div.h | 43 + crypto/libecc/src/nn/nn_logical.c | 577 + crypto/libecc/src/nn/nn_mod_pow.c | 334 + crypto/libecc/src/nn/nn_modinv.c | 587 + crypto/libecc/src/nn/nn_mul.c | 197 + crypto/libecc/src/nn/nn_mul.h | 29 + crypto/libecc/src/nn/nn_mul_redc1.c | 342 + crypto/libecc/src/nn/nn_rand.c | 133 + crypto/libecc/src/sig/bign.c | 79 + crypto/libecc/src/sig/bign_common.c | 1001 + crypto/libecc/src/sig/bip0340.c | 1325 + crypto/libecc/src/sig/dbign.c | 115 + crypto/libecc/src/sig/decdsa.c | 121 + crypto/libecc/src/sig/ec_key.c | 620 + crypto/libecc/src/sig/ecdsa.c | 85 + crypto/libecc/src/sig/ecdsa_common.c | 1039 + 
crypto/libecc/src/sig/ecfsdsa.c | 1087 + crypto/libecc/src/sig/ecgdsa.c | 621 + crypto/libecc/src/sig/eckcdsa.c | 841 + crypto/libecc/src/sig/ecosdsa.c | 99 + crypto/libecc/src/sig/ecrdsa.c | 623 + crypto/libecc/src/sig/ecsdsa.c | 97 + crypto/libecc/src/sig/ecsdsa_common.c | 632 + crypto/libecc/src/sig/eddsa.c | 2935 + crypto/libecc/src/sig/fuzzing_ecdsa.c | 434 + crypto/libecc/src/sig/fuzzing_ecgdsa.c | 391 + crypto/libecc/src/sig/fuzzing_ecrdsa.c | 425 + crypto/libecc/src/sig/meson.build | 26 + crypto/libecc/src/sig/sig_algs.c | 1112 + crypto/libecc/src/sig/sm2.c | 724 + crypto/libecc/src/tests/bign_test_vectors.h | 448 + crypto/libecc/src/tests/bip0340_test_vectors.h | 204 + crypto/libecc/src/tests/dbign_test_vectors.h | 232 + crypto/libecc/src/tests/decdsa_test_vectors.h | 1362 + crypto/libecc/src/tests/ec_self_tests.c | 302 + crypto/libecc/src/tests/ec_self_tests.h | 21 + crypto/libecc/src/tests/ec_self_tests_core.c | 1975 + crypto/libecc/src/tests/ec_self_tests_core.h | 5757 + crypto/libecc/src/tests/ec_utils.c | 1878 + crypto/libecc/src/tests/ecccdh_test_vectors.h | 3750 + crypto/libecc/src/tests/ed25519_test_vectors.h | 24610 + crypto/libecc/src/tests/ed25519ctx_test_vectors.h | 138 + crypto/libecc/src/tests/ed25519ph_test_vectors.h | 45 + crypto/libecc/src/tests/ed448_test_vectors.h | 317 + crypto/libecc/src/tests/ed448ph_test_vectors.h | 74 + crypto/libecc/src/tests/meson.build | 55 + crypto/libecc/src/tests/x25519_test_vectors.h | 142 + crypto/libecc/src/tests/x448_test_vectors.h | 75 + crypto/libecc/src/utils/meson.build | 15 + crypto/libecc/src/utils/print_buf.c | 31 + crypto/libecc/src/utils/print_curves.c | 76 + crypto/libecc/src/utils/print_fp.c | 65 + crypto/libecc/src/utils/print_keys.c | 42 + crypto/libecc/src/utils/print_nn.c | 37 + crypto/libecc/src/utils/utils.c | 233 + crypto/libecc/src/utils/utils_rand.c | 51 + crypto/libecc/src/utils/utils_rand.h | 22 + crypto/libecc/src/wycheproof_tests/Makefile | 17 + 
.../src/wycheproof_tests/libecc_wycheproof.c | 838 + .../src/wycheproof_tests/libecc_wycheproof.h | 151 + .../src/wycheproof_tests/libecc_wycheproof_tests.h | 728074 ++++++++++++++++++ crypto/libecc/support/meson/armv7em-noneabi.ini | 17 + 344 files changed, 959066 insertions(+) diff --git a/crypto/libecc/.github/workflows/libecc_cifuzz.yml b/crypto/libecc/.github/workflows/libecc_cifuzz.yml new file mode 100644 index 000000000000..d315da238fc6 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_cifuzz.yml @@ -0,0 +1,26 @@ +name: CIFuzz +on: [pull_request] +jobs: + Fuzzing: + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'libecc' + dry-run: false + language: c++ + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'libecc' + fuzz-seconds: 300 + dry-run: false + language: c++ + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts diff --git a/crypto/libecc/.github/workflows/libecc_compilation_tests.yml b/crypto/libecc/.github/workflows/libecc_compilation_tests.yml new file mode 100644 index 000000000000..76aae957f362 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_compilation_tests.yml 
@@ -0,0 +1,57 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + compilation_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang, g++, clang++] + blinding: [0, 1] + complete: [0, 1] + ladder: [0, 1] + cryptofuzz: [0, 1] + optflags: ["-O3", "-O2", "-O1"] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc compilation tests + - name: libecc compilation tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + COMPLETE: ${{ matrix.complete }} + LADDER: ${{ matrix.ladder }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + EXTRA_LIB_CFLAGS: ${{ matrix.optflags }} + EXTRA_BIN_CFLAGS: ${{ matrix.optflags }} + shell: bash + run: | + # Compilation tests of all cases + # + make && cd src/arithmetic_tests/ && make clean && make bin && make clean && cd -; + cd src/examples/ && make clean && make && cd - && make clean; + make 16; + cd src/examples/ && make clean && make 16 && cd - && make clean; + make 32; + cd src/examples/ && make clean && make 32 && cd - && make clean; + make 64; + cd src/examples/ && make clean && make 64 && cd - && make clean; + # We perform one test with the sanitizers + USE_SANITIZERS=1 make; + cd src/examples/ && make clean && USE_SANITIZERS=1 make && cd - && make clean; + # + make debug; + cd src/examples/ && make clean && make debug && cd - && make clean; + make debug16; + cd src/examples/ && make clean && make debug16 && cd - && make clean; + make debug32; + cd src/examples/ && make clean && make debug32 && cd - && make clean; + make debug64; + cd src/examples/ && make clean && make debug64 && cd - && make clean; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml b/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml new file mode 100644 index 000000000000..93dbca1b5719 --- /dev/null 
+++ b/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml 
@@ -0,0 +1,55 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + cross_arch_tests: + runs-on: ubuntu-20.04 + strategy: + #max-parallel: 10 + matrix: + blinding: [0, 1] + complete: [1] + ladder: [1] + #cross_target: [arm-linux-gnueabi, arm-linux-gnueabihf, aarch64-linux-gnu, powerpc64le-linux-gnu, mipsel-linux-gnu, i686-w64-mingw32, x86_64-w64-mingw32, i386-apple-darwin, x86_64-apple-darwin, x86_64h-apple-darwin] + cross_target: [arm-linux-gnueabi, arm-linux-gnueabihf, aarch64-linux-gnu, powerpc64le-linux-gnu, mipsel-linux-gnu, i686-w64-mingw32, x86_64-w64-mingw32] + cross_size: [16, 32, 64] + steps: + # Add swap because of possible out of memory issues + - name: Set Swap Space + uses: pierotofy/set-swap-space@master + with: + swap-size-gb: 10 + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # Cross build and cross run tests + - name: libecc cross-arch tests + env: + BLINDING: ${{ matrix.blinding }} + COMPLETE: ${{ matrix.complete }} + LADDER: ${{ matrix.ladder }} + CROSS_TARGET: ${{ matrix.cross_target }} + CROSS_SIZE: ${{ matrix.cross_size }} + CRYPTOFUZZ: 1 + shell: bash + run: | + # Install stuff + sudo apt-get update; + # This oddity is due to ubuntu (18.04 and 20.04) issue with wine32 in + # githbub actions runners ... + sudo apt-get -y install software-properties-common; + sudo apt-add-repository "ppa:ondrej/php" -y; + sudo dpkg --add-architecture i386; + sudo apt-get update; + sudo apt-get -y install qemu-user-static wine-stable wine32 wine64; + # Cross build jobs + docker pull multiarch/crossbuild; + sh scripts/crossbuild.sh -triplet "${CROSS_TARGET}" "${CROSS_SIZE}"; + # Check for errors + [ ! -z "$(ls -A scripts/crossbuild_out/error_log/)" ] && exit -1; + # Test generated cross binaries through qemu-static; + sh scripts/crossrun.sh -triplet "${CROSS_TARGET}" "${CROSS_SIZE}"; + continue-on-error: false 
diff --git a/crypto/libecc/.github/workflows/libecc_examples.yml b/crypto/libecc/.github/workflows/libecc_examples.yml new file mode 100644 index 000000000000..f50e6da9ee60 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_examples.yml @@ -0,0 +1,39 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + examples: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang] + blinding: [0, 1] + cryptofuzz: [1] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc examples tests + - name: libecc examples tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + ASSERT_PRINT: 1 + # We want to parallelize self tests + OPENMP_SELF_TESTS: 1 + shell: bash + run: | + # Install OpenMP + sudo apt-get update; + sudo apt-get -y install libomp-dev; + # Compile and compile the tests + # + EXTRA_CFLAGS="-DUSER_NN_BIT_LEN=4096" make && cd src/examples/ && EXTRA_CFLAGS="-DUSER_NN_BIT_LEN=4096" make && ./sig/rsa/rsa && ./sig/dsa/dsa && ./sig/kcdsa/kcdsa && ./sig/sdsa/sdsa && ./sig/gostr34_10_94/gostr34_10_94 && ./sss/sss && ./basic/curve_basic_examples && ./basic/curve_ecdh && make clean && cd - && make clean; + make 32 && cd src/examples/ && make 32 && ./sss/sss && ./basic/curve_basic_examples && ./basic/curve_ecdh && make clean && cd - && make clean; + make 16 && cd src/examples/ && make 16 && ./sss/sss && ./basic/curve_basic_examples && ./basic/curve_ecdh && make clean && cd - && make clean; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_meson_build.yml b/crypto/libecc/.github/workflows/libecc_meson_build.yml new file mode 100644 index 000000000000..e942ae9c2470 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_meson_build.yml 
@@ -0,0 +1,37 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + compilation_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang, g++, clang++] + blinding: [0, 1] + complete: [0, 1] + ladder: [0, 1] + cryptofuzz: [0, 1] + optflags: ["-O3", "-O2", "-O1"] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc compilation tests using meson + - name: libecc meson compilation tests + shell: bash + run: | + sudo apt-get update; + sudo apt-get -y install python3-pip; + pip install meson; + pip install ninja; + pip install dunamai; + # Compilation tests of all cases + # + rm -rf builddir/ && meson setup -Dwith_wordsize=16 builddir && cd builddir && meson dist && cd -; + rm -rf builddir/ && meson setup -Dwith_wordsize=32 builddir && cd builddir && meson dist && cd -; + rm -rf builddir/ && meson setup -Dwith_wordsize=64 builddir && cd builddir && meson dist && cd -; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_python_tests.yml b/crypto/libecc/.github/workflows/libecc_python_tests.yml new file mode 100644 index 000000000000..895760f7369e --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_python_tests.yml 
@@ -0,0 +1,43 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + runtime_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang] + blinding: [0, 1] + cryptofuzz: [1] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc python tests + - name: libecc python tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + ASSERT_PRINT: 1 + # We want to parallelize self tests + OPENMP_SELF_TESTS: 1 + shell: bash + run: | + # Install Python2 and OpenMP + sudo apt-get update; + sudo apt-get -y install python2 libomp-dev; + # Test our Python libecc expanding script + # Python3 + echo "y" | python3 scripts/expand_libecc.py --remove-all && PYTHON=python3 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors rand; + # Clean + echo "y" | python3 scripts/expand_libecc.py --remove-all && make clean; + # Python2 + echo "y" | python2 scripts/expand_libecc.py --remove-all && PYTHON=python2 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors rand; + # Clean + echo "y" | python2 scripts/expand_libecc.py --remove-all && make clean; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_runtime_tests.yml b/crypto/libecc/.github/workflows/libecc_runtime_tests.yml new file mode 100644 index 000000000000..2432511a1be0 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_runtime_tests.yml 
@@ -0,0 +1,39 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + runtime_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang] + blinding: [1] + cryptofuzz: [1] + wordsize: [64, 32, 16] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc runtime tests + - name: libecc runtime tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + ASSERT_PRINT: 1 + # We want to parallelize self tests + OPENMP_SELF_TESTS: 1 + WORDSIZE: ${{ matrix.wordsize }} + shell: bash + run: | + # Install OpenMP + sudo apt-get update; + sudo apt-get -y install libomp-dev; + # Vanilla tests + # + make "${WORDSIZE}" && ./build/ec_self_tests vectors rand; + continue-on-error: false diff --git a/crypto/libecc/.gitignore b/crypto/libecc/.gitignore new file mode 100644 index 000000000000..da8ab177478b --- /dev/null +++ b/crypto/libecc/.gitignore @@ -0,0 +1,4 @@ +*.o +*.d +*~ +*.su \ No newline at end of file diff --git a/crypto/libecc/.travis.yml b/crypto/libecc/.travis.yml new file mode 100644 index 000000000000..45f70324466f --- /dev/null +++ b/crypto/libecc/.travis.yml 
@@ -0,0 +1,287 @@ +language: c +os: linux +dist: + - bionic + +env: + global: + # COVERITY_SCAN_TOKEN + - secure: "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" + +before_install: + - echo -n | openssl s_client -connect https://scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- + + +addons: + apt: + update: true + packages: + - make + - gcc + - clang + - qemu-user-static + - wine-stable + - wine32 + - wine64 + - python3 + + coverity_scan: + project: + name: "rb-anssi/libecc_local" + description: "Build submitted via Travis CI of libecc" + notification_email: ryadbenadjila@gmail.com + build_command: make + branch_pattern: coverity_scan + +cache: + apt: true + +# We use docker for the cross-build +services: + - docker + +# All our jobs +env: + matrix: + # Python libecc expand script test + - TEST_PYTHON_EXPAND_SCRIPT=1 + # Vanilla tests (on native plaform) + - BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + # Cross compilation tests (using docker and qemu-static) + # arm-linux-gnueabi + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 
CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 
CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + # arm-linux-gnueabihf + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - 
BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + # powerpc64le-linux-gnu + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 
CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + # aarch64-linux-gnu + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 
LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + # mipsel-linux-gnu + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=0 + - 
BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=0 + # i386-apple-darwin + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=0 + # x86_64-apple-darwin + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 
CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=0 + # x86_64h-apple-darwin + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=0 + # i686-w64-mingw32 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 
CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=0 + # x86_64-w64-mingw32 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 
CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=0 + +script: + # Coverity scan static analysis + - if [ "${COVERITY_SCAN_BRANCH}" == 1 ]; then make; fi + - if [ "${COVERITY_SCAN_BRANCH}" == 1 ]; then exit 0; fi + # Test our Python libecc expanding script + # Python2 + - if [ "${TEST_PYTHON_EXPAND_SCRIPT}" == 1 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then echo "y" | python2 scripts/expand_libecc.py --remove-all && PYTHON=python2 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors && ./build/ec_self_tests rand; fi; + # Python3 + - if [ "${TEST_PYTHON_EXPAND_SCRIPT}" == 1 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then echo "y" | python3 scripts/expand_libecc.py --remove-all && PYTHON=python3 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors && ./build/ec_self_tests rand; fi; + # Clean + - if [ "${TEST_PYTHON_EXPAND_SCRIPT}" == 1 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then echo "y" | python2 scripts/expand_libecc.py --remove-all && make clean; fi; + # Vanilla tests + - if [ "$TRAVIS_EVENT_TYPE" = "pull_request" ]; then git fetch origin refs/pull/${TRAVIS_PULL_REQUEST}/head && git checkout FETCH_HEAD; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make 16 && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make 16 && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 
0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make 16 && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make 32 && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make 32 && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make 32 && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make 64 && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make 64 && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make 64 && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make debug && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make debug && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make debug && cd - && make clean; fi *** 960508 LINES SKIPPED *** From nobody Sat Jan 11 02:48:55 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJS0bD7z5l4Q8; Sat, 11 Jan 2025 02:48:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 
4YVNJR2tF8z4Hbq; Sat, 11 Jan 2025 02:48:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YVNJR1yR9zgY7; Sat, 11 Jan 2025 02:48:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50B2mtV6066100; Sat, 11 Jan 2025 02:48:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50B2mtai066097; Sat, 11 Jan 2025 02:48:55 GMT (envelope-from git) Date: Sat, 11 Jan 2025 02:48:55 GMT Message-Id: <202501110248.50B2mtai066097@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 616156f8e6ea - stable/14 - secure: hook up libecc as libpkgecc List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 616156f8e6eaefe5e3e0df6621129f4bf9003344 Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=616156f8e6eaefe5e3e0df6621129f4bf9003344 commit 616156f8e6eaefe5e3e0df6621129f4bf9003344 Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:24 +0000 secure: hook up libecc as libpkgecc libecc is not intended to be general use, other applications should really be using openssl. pkg(7) uses libecc to align with the pkg(8) project and its goals. This will be used in the upcoming support for ECC in pkg(7). Reviewed by: emaste (cherry picked from commit 05427f4639bcf2703329a9be9d25ec09bb782742) --- secure/lib/Makefile | 2 +- secure/lib/libpkgecc/Makefile | 137 +++++++++++++++++++++++++++++++++ secure/lib/libpkgecc/pkg_libecc_rand.c | 22 ++++++ share/mk/src.libnames.mk | 4 + 4 files changed, 164 insertions(+), 1 deletion(-) diff --git a/secure/lib/Makefile b/secure/lib/Makefile index b4b586fa6585..bc659916e152 100644 --- a/secure/lib/Makefile +++ b/secure/lib/Makefile @@ -1,7 +1,7 @@ .include -SUBDIR= +SUBDIR= libpkgecc .if ${MK_OPENSSL} != "no" SUBDIR+=libcrypto libssl .if ${MK_OPENSSH} != "no" diff --git a/secure/lib/libpkgecc/Makefile b/secure/lib/libpkgecc/Makefile new file mode 100644 index 000000000000..476cd8635aeb --- /dev/null 
+++ b/secure/lib/libpkgecc/Makefile 
@@ -0,0 +1,137 @@ + +# STOP - This is not a general purpose library and is only for use by pkg(7) +# to align with the implementation in pkg(8). +LIB= pkgecc +INTERNALLIB= + +.PATH: $(SRCTOP)/crypto/libecc +SRCS+= pkg_libecc_rand.c + +# curves_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/curves +SRCS+= aff_pt.c \ + aff_pt_montgomery.c \ + ec_edwards.c \ + ec_montgomery.c \ + ec_params.c \ + ec_shortw.c \ + aff_pt_edwards.c \ + curves.c \ + prj_pt.c + +# utils_ec_src +.PATH: $(SRCTOP)/crypto/libecc/src/utils +SRCS+= print_curves.c + +# fp_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/fp +SRCS+= fp_add.c \ + fp.c \ + fp_montgomery.c \ + fp_mul.c \ + fp_mul_redc1.c \ + fp_pow.c \ + fp_rand.c \ + fp_sqrt.c + +# nn_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/nn +SRCS+= nn_add.c \ + nn.c \ + nn_div.c \ + nn_logical.c \ + nn_modinv.c \ + nn_mod_pow.c \ + nn_mul.c \ + nn_mul_redc1.c \ + nn_rand.c + +# utils_arith_src +SRCS+= utils.c \ + utils_rand.c \ + print_buf.c \ + print_fp.c \ + print_nn.c + +## libsign bits +# hash_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/hash +SRCS+= hash_algs.c \ + sm3.c \ + streebog.c \ + ripemd160.c \ + belt-hash.c \ + hmac.c \ + bash224.c \ + bash256.c \ + bash384.c \ + bash512.c \ + bash.c \ + sha224.c \ + sha256.c \ + sha3-224.c \ + sha3-256.c \ + sha3-384.c \ + sha3-512.c \ + sha384.c \ + sha3.c \ + sha512-224.c \ + sha512-256.c \ + sha512.c \ + sha512_core.c \ + shake256.c \ + shake.c + +# sig_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/sig +SRCS+= decdsa.c \ + ecdsa.c \ + ecfsdsa.c \ + ecgdsa.c \ + eckcdsa.c \ + ecosdsa.c \ + ecrdsa.c \ + ecsdsa.c \ + eddsa.c \ + fuzzing_ecdsa.c \ + fuzzing_ecgdsa.c \ + fuzzing_ecrdsa.c \ + ecdsa_common.c \ + ecsdsa_common.c \ + sig_algs.c \ + sm2.c \ + bign_common.c \ + bign.c \ + dbign.c \ + bip0340.c + +# key_mod_src +SRCS+= ec_key.c + +# utils_sign_src +.PATH: $(SRCTOP)/crypto/libecc/src/sig +SRCS+= print_keys.c + +# ecdh_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/ecdh +SRCS+= ecccdh.c \ + x25519_448.c 
+ +# external_deps +.PATH: $(SRCTOP)/crypto/libecc/src/external_deps +SRCS+= print.c + +CONFLICTS= -Dsha256_init=_libecc_sha256_init \ + -Dsha256_update=_libecc_sha256_update \ + -Dsha256_final=_libecc_sha256_final \ + -Dsha512_224_init=_libecc_sha512_224_init \ + -Dsha512_256_init=_libecc_sha512_256_init + +CFLAGS= -I$(SRCTOP)/crypto/libecc/include \ + -ffreestanding \ + -fno-builtin \ + -DUSE_WARN_UNUSED_RET \ + -DWITH_STDLIB \ + $(CONFLICTS) + +.include diff --git a/secure/lib/libpkgecc/pkg_libecc_rand.c b/secure/lib/libpkgecc/pkg_libecc_rand.c new file mode 100644 index 000000000000..c190c9094538 --- /dev/null +++ b/secure/lib/libpkgecc/pkg_libecc_rand.c @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: Unlicense */ +#include +#include + +#include + +int +get_random(unsigned char *buf, uint16_t len) +{ + + /* + * We need random numbers even in a sandbox, so we can't use + * /dev/urandom as the external_deps version of get_random() does on + * FreeBSD. arc4random_buf() is a better choice because it uses the + * underlying getrandom(2) instead of needing to open a device handle. + * + * We don't have any guarantees that this won't open a device on other + * platforms, but we also don't do any sandboxing on those platforms. + */ + arc4random_buf(buf, len); + return 0; +} diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index 9cba6c8cc7c3..837d6f842da3 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -61,6 +61,7 @@ _INTERNALLIBS= \ parse \ pe \ pfctl \ + pkgecc \ pmcstat \ sl \ sm \ 
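Review bot: In secure/lib/libpkgecc/Makefile the last variable is set with "CFLAGS=" rather than "CFLAGS+=", so whatever CFLAGS held before this Makefile was read (the sys.mk defaults, anything from make.conf) is discarded for this library; unless that is deliberate, "CFLAGS+=" with the same flags keeps the tree-wide settings. Separately, SRCS lists fuzzing_ecdsa.c, fuzzing_ecgdsa.c and fuzzing_ecrdsa.c plus every hash and signature scheme in the libecc tree for a library whose header comment restricts it to pkg(7); a short comment saying why the full set is built, or a trimmed list, would make the audited surface explicit.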
@@ -616,6 +617,9 @@ LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools${PIE_SUFFIX}.a LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a +LIBPKGECCDIR= ${_LIB_OBJTOP}/secure/lib/libpkgecc +LIBPKGECC?= ${LIBPKGECCDIR}/libpkgecc${PIE_SUFFIX}.a + LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a From nobody Sat Jan 11 02:48:56 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJT160Zz5l4QC; Sat, 11 Jan 2025 02:48:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJS3ZmQz4HkM; Sat, 11 Jan 2025 02:48:56 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YVNJS2xJhzgYt; Sat, 11 Jan 2025 02:48:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50B2mu6j066160; Sat, 11 Jan 2025 02:48:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50B2muhE066155; Sat, 11 Jan 2025 02:48:56 GMT (envelope-from git) Date: Sat, 11 Jan 2025 02:48:56 GMT Message-Id: <202501110248.50B2muhE066155@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 292d6586e232 - stable/14 - pkg: pull rsa bits out of pkg.c List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 292d6586e232b5b87ad3d999850dfe544d3ce4ad Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=292d6586e232b5b87ad3d999850dfe544d3ce4ad commit 292d6586e232b5b87ad3d999850dfe544d3ce4ad Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:24 +0000 pkg: pull rsa bits out of pkg.c We'll eventually add a pkgsign abstraction over these similar to how we do in pkg(8), but start by isolating these parts. Reviewed by: bapt, emaste (cherry picked from commit 2629e90dd05fb69d767525f960101d7d055ffae0) --- usr.sbin/pkg/Makefile | 2 +- usr.sbin/pkg/pkg.c | 130 +----------------------------------------- usr.sbin/pkg/pkg.h | 50 ++++++++++++++++ usr.sbin/pkg/rsa.c | 155 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 207 insertions(+), 130 deletions(-) diff --git a/usr.sbin/pkg/Makefile b/usr.sbin/pkg/Makefile index 3e0e047382ca..af0a4d57ee90 100644 --- a/usr.sbin/pkg/Makefile +++ b/usr.sbin/pkg/Makefile @@ -22,7 +22,7 @@ CONFSNAME_${PKGCONF}= ${PKGCONF:C/\.conf.+$/.conf/} CONFSDIR= /etc/pkg CONFSMODE= 644 PROG= pkg -SRCS= pkg.c dns_utils.c config.c hash.c +SRCS= pkg.c rsa.c dns_utils.c config.c hash.c MAN= pkg.7 CFLAGS+=-I${SRCTOP}/contrib/libucl/include diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index bb42526f56cb..4cadff155516 100644 
--- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c @@ -49,27 +49,12 @@ #include #include -#include -#include +#include "pkg.h" #include "dns_utils.h" #include "config.h" #include "hash.h" -struct sig_cert { - char *name; - unsigned char *sig; - int siglen; - unsigned char *cert; - int certlen; - bool trusted; -}; - -struct pubkey { - unsigned char *sig; - int siglen; -}; - typedef enum { HASH_UNKNOWN, HASH_SHA256, 
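Review bot: pkg.h, which pkg.c starts including in this hunk in place of its own struct sig_cert and struct pubkey, uses bool (in "bool trusted;" and in the rsa_verify_cert() prototype) without any #include of its own, so it only compiles when every includer has already pulled in stdbool.h. Adding that include at the top of pkg.h makes the header self-contained and removes the include-order dependency for rsa.c and for the signers the commit message says are still to come.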
@@ -401,119 +386,6 @@ load_fingerprints(const char *path, int *count) return (fingerprints); } -static EVP_PKEY * -load_public_key_file(const char *file) -{ - EVP_PKEY *pkey; - BIO *bp; - char errbuf[1024]; - - bp = BIO_new_file(file, "r"); - if (!bp) - errx(EXIT_FAILURE, "Unable to read %s", file); - - if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) - warnx("ici: %s", ERR_error_string(ERR_get_error(), errbuf)); - - BIO_free(bp); - - return (pkey); -} - -static EVP_PKEY * -load_public_key_buf(const unsigned char *cert, int certlen) -{ - EVP_PKEY *pkey; - BIO *bp; - char errbuf[1024]; - - bp = BIO_new_mem_buf(__DECONST(void *, cert), certlen); - - if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - - BIO_free(bp); - - return (pkey); -} - -static bool -rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, - int keylen, unsigned char *sig, int siglen) -{ - EVP_MD_CTX *mdctx; - EVP_PKEY *pkey; - char *sha256; - char errbuf[1024]; - bool ret; - - sha256 = NULL; - pkey = NULL; - mdctx = NULL; - ret = false; - - SSL_load_error_strings(); - - /* Compute SHA256 of the package. */ - if (lseek(fd, 0, 0) == -1) { - warn("lseek"); - goto cleanup; - } - if ((sha256 = sha256_fd(fd)) == NULL) { - warnx("Error creating SHA256 hash for package"); - goto cleanup; - } - - if (sigfile != NULL) { - if ((pkey = load_public_key_file(sigfile)) == NULL) { - warnx("Error reading public key"); - goto cleanup; - } - } else { - if ((pkey = load_public_key_buf(key, keylen)) == NULL) { - warnx("Error reading public key"); - goto cleanup; - } - } - - /* Verify signature of the SHA256(pkg) is valid. 
*/ - if ((mdctx = EVP_MD_CTX_create()) == NULL) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - - if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - if (EVP_DigestVerifyUpdate(mdctx, sha256, strlen(sha256)) != 1) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - - if (EVP_DigestVerifyFinal(mdctx, sig, siglen) != 1) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - - ret = true; - printf("done\n"); - goto cleanup; - -error: - printf("failed\n"); - -cleanup: - free(sha256); - if (pkey) - EVP_PKEY_free(pkey); - if (mdctx) - EVP_MD_CTX_destroy(mdctx); - ERR_free_strings(); - - return (ret); -} - static struct pubkey * read_pubkey(int fd) { diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h new file mode 100644 index 000000000000..01f69f5a825b --- /dev/null +++ b/usr.sbin/pkg/pkg.h 
@@ -0,0 +1,50 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2012-2014 Baptiste Daroussin + * Copyright (c) 2013 Bryan Drewery + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _PKG_H +#define _PKG_H + +struct sig_cert { + char *name; + unsigned char *sig; + int siglen; + unsigned char *cert; + int certlen; + bool trusted; +}; + +struct pubkey { + unsigned char *sig; + int siglen; +}; + +bool rsa_verify_cert(int, const char *, const unsigned char *, int, + unsigned char *, int); + +#endif /* _PKG_H */ diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c new file mode 100644 index 000000000000..afc446a6ad06 --- /dev/null +++ b/usr.sbin/pkg/rsa.c 
@@ -0,0 +1,155 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2012-2014 Baptiste Daroussin + * Copyright (c) 2013 Bryan Drewery + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +#include + +#include +#include + +#include +#include + +#include "pkg.h" + +#include "config.h" +#include "hash.h" + +static EVP_PKEY * +load_public_key_file(const char *file) +{ + EVP_PKEY *pkey; + BIO *bp; + char errbuf[1024]; + + bp = BIO_new_file(file, "r"); + if (!bp) + errx(EXIT_FAILURE, "Unable to read %s", file); + + if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) + warnx("ici: %s", ERR_error_string(ERR_get_error(), errbuf)); + + BIO_free(bp); + + return (pkey); +} + +static EVP_PKEY * +load_public_key_buf(const unsigned char *cert, int certlen) +{ + EVP_PKEY *pkey; + BIO *bp; + char errbuf[1024]; + + bp = BIO_new_mem_buf(__DECONST(void *, cert), certlen); + + if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + + BIO_free(bp); + + return (pkey); +} + +bool +rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, + int keylen, unsigned char *sig, int siglen) +{ + EVP_MD_CTX *mdctx; + EVP_PKEY *pkey; + char *sha256; + char errbuf[1024]; + bool ret; + + sha256 = NULL; + pkey = NULL; + mdctx = NULL; + ret = false; + + SSL_load_error_strings(); + + /* Compute SHA256 of the package. */ + if (lseek(fd, 0, 0) == -1) { + warn("lseek"); + goto cleanup; + } + if ((sha256 = sha256_fd(fd)) == NULL) { + warnx("Error creating SHA256 hash for package"); + goto cleanup; + } + + if (sigfile != NULL) { + if ((pkey = load_public_key_file(sigfile)) == NULL) { + warnx("Error reading public key"); + goto cleanup; + } + } else { + if ((pkey = load_public_key_buf(key, keylen)) == NULL) { + warnx("Error reading public key"); + goto cleanup; + } + } + + /* Verify signature of the SHA256(pkg) is valid. 
*/ + if ((mdctx = EVP_MD_CTX_create()) == NULL) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + + if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + if (EVP_DigestVerifyUpdate(mdctx, sha256, strlen(sha256)) != 1) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + + if (EVP_DigestVerifyFinal(mdctx, sig, siglen) != 1) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + + ret = true; + printf("done\n"); + goto cleanup; + +error: + printf("failed\n"); + +cleanup: + free(sha256); + if (pkey) + EVP_PKEY_free(pkey); + if (mdctx) + EVP_MD_CTX_destroy(mdctx); + ERR_free_strings(); + + return (ret); +} From nobody Sat Jan 11 02:48:58 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJW1qrLz5l4jx; Sat, 11 Jan 2025 02:48:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJV4jJKz4Hmg; Sat, 11 Jan 2025 02:48:58 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YVNJV43njzfy2; Sat, 11 Jan 2025 02:48:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50B2mwEe066272; Sat, 11 Jan 2025 02:48:58 GMT
Date: Sat, 11 Jan 2025 02:48:58 GMT
Message-Id: <202501110248.50B2mwxN066269@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: 1e3003bed3ad - stable/14 - pkg: abstract rsa out behind a pkgsign API
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1e3003bed3ad490f17e06df7b8ae075ec43470e8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=1e3003bed3ad490f17e06df7b8ae075ec43470e8

commit 1e3003bed3ad490f17e06df7b8ae075ec43470e8
Author:     Kyle Evans
AuthorDate: 2025-01-01 21:10:27 +0000
Commit:     Kyle Evans
CommitDate: 2025-01-11 02:48:25 +0000

    pkg: abstract rsa out behind a pkgsign API

    This mirrors a change we made in pkg(8), and will be used to next add
    another signer that does ECC.

    Reviewed by:    bapt, emaste

    (cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead)
---
 usr.sbin/pkg/pkg.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 usr.sbin/pkg/pkg.h | 22 ++++++++++++--
 usr.sbin/pkg/rsa.c | 11 +++++--
 3 files changed, 110 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 9b7938c97211..4176639e25d9 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c
@@ -35,6 +35,7 @@ #include #include +#include #include #include #include @@ -55,6 +56,16 @@ #include "config.h" #include "hash.h" +static const struct pkgsign_impl { + const char *pi_name; + const struct pkgsign_ops *pi_ops; +} pkgsign_builtins[] = { + { + .pi_name = "rsa", + .pi_ops = &pkgsign_rsa, + }, +}; + typedef enum { HASH_UNKNOWN, HASH_SHA256, @@ -77,6 +88,61 @@ STAILQ_HEAD(fingerprint_list, fingerprint); static int debug; +static int +pkgsign_new(const char *name, struct pkgsign_ctx **ctx) +{ + const struct pkgsign_impl *impl; + const struct pkgsign_ops *ops; + struct pkgsign_ctx *nctx; + size_t ctx_size; + int ret; + + assert(*ctx == NULL); + ops = NULL; + for (size_t i = 0; i < nitems(pkgsign_builtins); i++) { + impl = &pkgsign_builtins[i]; + + if (strcmp(name, impl->pi_name) == 0) { + ops = impl->pi_ops; + break; + } + } + + if (ops == NULL) + return (ENOENT); + + ctx_size = ops->pkgsign_ctx_size; + if (ctx_size == 0) + ctx_size = sizeof(*nctx); + assert(ctx_size >= sizeof(*nctx)); + + nctx = calloc(1, ctx_size); + if (nctx == NULL) + err(EXIT_FAILURE, "calloc"); + nctx->impl = impl; + + ret = 0; + if (ops->pkgsign_new != NULL) + ret = (*ops->pkgsign_new)(name, nctx); + + if (ret != 0) { + free(nctx); + return (ret); + } + + *ctx = nctx; + return (0); +} + +static bool +pkgsign_verify_cert(const struct pkgsign_ctx *ctx, int fd, const char *sigfile, + const unsigned char *key, int keylen, unsigned char *sig, int siglen) +{ + + return ((*ctx->impl->pi_ops->pkgsign_verify_cert)(ctx, fd, sigfile, + key, keylen, sig, siglen)); +} + static int extract_pkg_static(int fd, char *p, int sz) { @@ -509,10 +575,12 @@ verify_pubsignature(int fd_pkg, int fd_sig) { struct pubkey *pk; const char *pubkey; + struct pkgsign_ctx *sctx; bool ret; pk = NULL; pubkey = NULL; + sctx = NULL; ret = false; if (config_string(PUBKEY, &pubkey) != 0) { warnx("No CONFIG_PUBKEY defined"); 
@@ -524,9 +592,14 @@ verify_pubsignature(int fd_pkg, int fd_sig) goto cleanup; } + if (pkgsign_new("rsa", &sctx) != 0) { + warnx("Failed to fetch 'rsa' signer"); + goto cleanup; + } + /* Verify the signature. */ printf("Verifying signature with public key %s... ", pubkey); - if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig, + if (pkgsign_verify_cert(sctx, fd_pkg, pubkey, NULL, 0, pk->sig, pk->siglen) == false) { fprintf(stderr, "Signature is not valid\n"); goto cleanup; @@ -549,6 +622,7 @@ verify_signature(int fd_pkg, int fd_sig) struct fingerprint_list *trusted, *revoked; struct fingerprint *fingerprint; struct sig_cert *sc; + struct pkgsign_ctx *sctx; bool ret; int trusted_count, revoked_count; const char *fingerprints; @@ -557,6 +631,7 @@ verify_signature(int fd_pkg, int fd_sig) hash = NULL; sc = NULL; + sctx = NULL; trusted = revoked = NULL; ret = false; @@ -620,10 +695,15 @@ verify_signature(int fd_pkg, int fd_sig) goto cleanup; } + if (pkgsign_new("rsa", &sctx) != 0) { + fprintf(stderr, "Failed to fetch 'rsa' signer\n"); + goto cleanup; + } + /* Verify the signature. */ printf("Verifying signature with trusted certificate %s... ", sc->name); - if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig, - sc->siglen) == false) { + if (pkgsign_verify_cert(sctx, fd_pkg, NULL, sc->cert, sc->certlen, + sc->sig, sc->siglen) == false) { fprintf(stderr, "Signature is not valid\n"); goto cleanup; } diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index faa2be6c8376..2d0dab96a20f 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -30,6 +30,25 @@ #ifndef _PKG_H #define _PKG_H +#include + +struct pkgsign_ctx { + const struct pkgsign_impl *impl; +}; + +/* Tentatively won't be needing to free any state, all allocated in the ctx. */ +typedef int pkgsign_new_cb(const char *, struct pkgsign_ctx *); +typedef bool pkgsign_verify_cert_cb(const struct pkgsign_ctx *, int, + const char *, const unsigned char *, int, unsigned char *, int); + +struct pkgsign_ops { + size_t pkgsign_ctx_size; + pkgsign_new_cb *pkgsign_new; + pkgsign_verify_cert_cb *pkgsign_verify_cert; +}; + +extern const struct pkgsign_ops pkgsign_rsa; + struct sig_cert { char *name; unsigned char *sig; @@ -44,9 +63,6 @@ struct pubkey { int siglen; }; -bool rsa_verify_cert(int, const char *, const unsigned char *, int, - unsigned char *, int); - char *pkg_read_fd(int fd, size_t *osz); #endif /* _PKG_H */ diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c index afc446a6ad06..b6345cdcecb8 100644 --- a/usr.sbin/pkg/rsa.c +++ b/usr.sbin/pkg/rsa.c @@ -77,9 +77,10 @@ load_public_key_buf(const unsigned char *cert, int certlen) return (pkey); } -bool -rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, - int keylen, unsigned char *sig, int siglen) +static bool +rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, + const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) { EVP_MD_CTX *mdctx; EVP_PKEY *pkey; 
@@ -153,3 +154,7 @@ cleanup: return (ret); } + +const struct pkgsign_ops pkgsign_rsa = { + .pkgsign_verify_cert = rsa_verify_cert, +};
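Review bot: in pkgsign_new() (pkg.c, hunk at -77,6 +88,61) the only guard against an implementation declaring a pkgsign_ctx_size smaller than struct pkgsign_ctx is assert(ctx_size >= sizeof(*nctx)), which is compiled out under NDEBUG; calloc(1, ctx_size) would then under-allocate and the following nctx->impl = impl would write past the allocation. An explicit check that returns an error would hold in every build. The same function also never checks that ops->pkgsign_verify_cert is set, while the pkgsign_verify_cert() wrapper added just below calls through that pointer unconditionally, so a future signer whose ops table omits the callback fails as a NULL call during verification rather than as a clean error from pkgsign_new().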
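Review bot: the sctx that pkgsign_new() allocates in verify_pubsignature() (hunk at -524,9 +592,14) and verify_signature() (hunk at -620,10 +695,15) has no matching free in this patch, since none of the pkg.c hunks touch either cleanup: block. The pkg.h comment says all signer state lives in the ctx, which makes the caller responsible for releasing it; a free(sctx) on both cleanup paths would cover that. The two call sites also report the same failure differently, warnx() in one and fprintf(stderr, ...) in the other, and picking one would keep the output consistent.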
From nobody Sat Jan 11 02:48:57 2025
Date: Sat, 11 Jan 2025 02:48:57 GMT
Message-Id: <202501110248.50B2mviI066200@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: 836f1da80eb3 - stable/14 - pkg: refactor out a pkg_read_fd()
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 836f1da80eb3d3c502d42a18411ba2e083e65e26
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=836f1da80eb3d3c502d42a18411ba2e083e65e26

commit 836f1da80eb3d3c502d42a18411ba2e083e65e26
Author:     Kyle Evans
AuthorDate: 2025-01-01 21:10:28 +0000
Commit:     Kyle Evans
CommitDate: 2025-01-11 02:48:25 +0000

    pkg: refactor out a pkg_read_fd()

    We already have to do this for reading the pubkey, just pull it out for
    other uses. The ECC signer will use this to verify the bootstrap if the
    PUBKEY mechanism is used.

    Reviewed by:    bapt, emaste

    (cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7)
---
 usr.sbin/pkg/pkg.c | 40 +++++++++++++++++++++++++++-------------
 usr.sbin/pkg/pkg.h | 2 ++
 2 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 4cadff155516..9b7938c97211 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c
@@ -386,32 +386,46 @@ load_fingerprints(const char *path, int *count) return (fingerprints); } +char * +pkg_read_fd(int fd, size_t *osz) +{ + char *obuf; + char buf[4096]; + FILE *fp; + ssize_t r; + + obuf = NULL; + *osz = 0; + fp = open_memstream(&obuf, osz); + if (fp == NULL) + err(EXIT_FAILURE, "open_memstream()"); + + while ((r = read(fd, buf, sizeof(buf))) >0) { + fwrite(buf, 1, r, fp); + } + + if (ferror(fp)) + errx(EXIT_FAILURE, "reading file"); + + fclose(fp); + + return (obuf); +} + static struct pubkey * read_pubkey(int fd) { struct pubkey *pk; char *sigb; size_t sigsz; - FILE *sig; - char buf[4096]; - int r; if (lseek(fd, 0, 0) == -1) { warn("lseek"); return (NULL); } - sigsz = 0; - sigb = NULL; - sig = open_memstream(&sigb, &sigsz); - if (sig == NULL) - err(EXIT_FAILURE, "open_memstream()"); - - while ((r = read(fd, buf, sizeof(buf))) >0) { - fwrite(buf, 1, r, sig); - } + sigb = pkg_read_fd(fd, &sigsz); - fclose(sig); pk = calloc(1, sizeof(struct pubkey)); pk->siglen = sigsz; pk->sig = calloc(1, pk->siglen); diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index 01f69f5a825b..faa2be6c8376 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -47,4 +47,6 @@ struct pubkey { bool rsa_verify_cert(int, const char *, const unsigned char *, int, unsigned char *, int); +char *pkg_read_fd(int fd, size_t *osz); + #endif /* _PKG_H */
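Review bot: pkg_read_fd() (pkg.c, hunk at -386,32 +386,46) treats a failed read() the same as end of file: the loop ends as soon as r is not greater than 0, and the ferror(fp) that follows only inspects the memstream, so r == -1 hands the caller a silently truncated buffer, which in read_pubkey() is the signature being verified. Checking r < 0 after the loop and failing with err() would close that gap. The errx(EXIT_FAILURE, "reading file") message describes what is really a write failure on the memstream, and the fclose() result is ignored even though obuf and *osz are only final once the stream has been flushed or closed successfully. Since pkg.h now exports the function, a short comment that the caller owns and frees the returned buffer would help.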
From nobody Sat Jan 11 02:48:59 2025
Date: Sat, 11 Jan 2025 02:48:59 GMT
Message-Id: <202501110248.50B2mxpb066319@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: cb09fc9a60dc - stable/14 - pkg: add a pkgsign_verify_data callback
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: cb09fc9a60dc088d35514970e184f3481d11067a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=cb09fc9a60dc088d35514970e184f3481d11067a

commit cb09fc9a60dc088d35514970e184f3481d11067a
Author:     Kyle Evans
AuthorDate: 2025-01-01 21:10:28 +0000
Commit:     Kyle Evans
CommitDate: 2025-01-11 02:48:25 +0000

    pkg: add a pkgsign_verify_data callback

    This will be used to verify raw payloads, as if signed by pkg-key(8).
    It will be used specifically in pkg(7) to verify .pubkeysig as published
    by poudriere. Amend verify_pubsignature() now to use it. For the RSA
    signer, we need to verify using a sha256 of the data instead of the data
    itself.

    Reviewed by:    bapt

    (cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e)
---
 usr.sbin/pkg/pkg.c | 30 +++++++++++++++++++++++++++++-
 usr.sbin/pkg/pkg.h | 4 ++++
 usr.sbin/pkg/rsa.c | 50 ++++++++++++++++++++++++++++++++------------------
 3 files changed, 65 insertions(+), 19 deletions(-)

diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 4176639e25d9..c39e210e1040 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c
@@ -143,6 +143,17 @@ pkgsign_verify_cert(const struct pkgsign_ctx *ctx, int fd, const char *sigfile, key, keylen, sig, siglen)); } +static bool +pkgsign_verify_data(const struct pkgsign_ctx *ctx, const char *data, + size_t datasz, const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + + return ((*ctx->impl->pi_ops->pkgsign_verify_data)(ctx, data, datasz, + sigfile, key, keylen, sig, siglen)); +} + + static int extract_pkg_static(int fd, char *p, int sz) { @@ -575,12 +586,15 @@ verify_pubsignature(int fd_pkg, int fd_sig) { struct pubkey *pk; const char *pubkey; + char *data; struct pkgsign_ctx *sctx; + size_t datasz; bool ret; pk = NULL; pubkey = NULL; sctx = NULL; + data = NULL; ret = false; if (config_string(PUBKEY, &pubkey) != 0) { warnx("No CONFIG_PUBKEY defined"); @@ -592,6 +606,19 @@ verify_pubsignature(int fd_pkg, int fd_sig) goto cleanup; } + if (lseek(fd_pkg, 0, SEEK_SET) == -1) { + warn("lseek"); + goto cleanup; + } + + /* Future types shouldn't do this. */ + if ((data = sha256_fd(fd_pkg)) == NULL) { + warnx("Error creating SHA256 hash for package"); + goto cleanup; + } + + datasz = strlen(data); + if (pkgsign_new("rsa", &sctx) != 0) { warnx("Failed to fetch 'rsa' signer"); goto cleanup; @@ -599,7 +626,7 @@ verify_pubsignature(int fd_pkg, int fd_sig) /* Verify the signature. */ printf("Verifying signature with public key %s... ", pubkey); - if (pkgsign_verify_cert(sctx, fd_pkg, pubkey, NULL, 0, pk->sig, + if (pkgsign_verify_data(sctx, data, datasz, pubkey, NULL, 0, pk->sig, pk->siglen) == false) { fprintf(stderr, "Signature is not valid\n"); goto cleanup; @@ -608,6 +635,7 @@ verify_pubsignature(int fd_pkg, int fd_sig) ret = true; cleanup: + free(data); if (pk) { free(pk->sig); free(pk); diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index 2d0dab96a20f..b9fe9b5fa566 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -40,11 +40,15 @@ struct pkgsign_ctx { typedef int pkgsign_new_cb(const char *, struct pkgsign_ctx *); typedef bool pkgsign_verify_cert_cb(const struct pkgsign_ctx *, int, const char *, const unsigned char *, int, unsigned char *, int); +typedef bool pkgsign_verify_data_cb(const struct pkgsign_ctx *, + const char *, size_t, const char *, const unsigned char *, int, + unsigned char *, int); struct pkgsign_ops { size_t pkgsign_ctx_size; pkgsign_new_cb *pkgsign_new; pkgsign_verify_cert_cb *pkgsign_verify_cert; + pkgsign_verify_data_cb *pkgsign_verify_data; }; extern const struct pkgsign_ops pkgsign_rsa; diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c index b6345cdcecb8..b28f44ec1953 100644 --- a/usr.sbin/pkg/rsa.c +++ b/usr.sbin/pkg/rsa.c @@ -78,33 +78,20 @@ load_public_key_buf(const unsigned char *cert, int certlen) } static bool -rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, - const char *sigfile, const unsigned char *key, int keylen, - unsigned char *sig, int siglen) +rsa_verify_data(const struct pkgsign_ctx *ctx __unused, + const char *data, size_t datasz, const char *sigfile, + const unsigned char *key, int keylen, unsigned char *sig, int siglen) { EVP_MD_CTX *mdctx; EVP_PKEY *pkey; - char *sha256; char errbuf[1024]; bool ret; - sha256 = NULL; pkey = NULL; mdctx = NULL; ret = false; - SSL_load_error_strings(); - /* Compute SHA256 of the package. */ - if (lseek(fd, 0, 0) == -1) { - warn("lseek"); - goto cleanup; - } - if ((sha256 = sha256_fd(fd)) == NULL) { - warnx("Error creating SHA256 hash for package"); - goto cleanup; - } - if (sigfile != NULL) { if ((pkey = load_public_key_file(sigfile)) == NULL) { warnx("Error reading public key"); 
@@ -127,7 +114,7 @@ rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); goto error; } - if (EVP_DigestVerifyUpdate(mdctx, sha256, strlen(sha256)) != 1) { + if (EVP_DigestVerifyUpdate(mdctx, data, datasz) != 1) { warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); goto error; } @@ -145,7 +132,6 @@ error: printf("failed\n"); cleanup: - free(sha256); if (pkey) EVP_PKEY_free(pkey); if (mdctx) 
@@ -155,6 +141,34 @@ cleanup: return (ret); } +static bool +rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, + const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + char *sha256; + bool ret; + + sha256 = NULL; + + /* Compute SHA256 of the package. */ + if (lseek(fd, 0, 0) == -1) { + warn("lseek"); + return (false); + } + if ((sha256 = sha256_fd(fd)) == NULL) { + warnx("Error creating SHA256 hash for package"); + return (false); + } + + ret = rsa_verify_data(ctx, sha256, strlen(sha256), sigfile, key, keylen, + sig, siglen); + free(sha256); + + return (ret); +} + const struct pkgsign_ops pkgsign_rsa = { .pkgsign_verify_cert = rsa_verify_cert, + .pkgsign_verify_data = rsa_verify_data, };
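Review bot: in verify_pubsignature() (pkg.c, hunk at -592,6 +606,19) the SHA256 pre-hash that the commit message ties to the RSA signer now sits in the generic caller, flagged only by /* Future types shouldn't do this. */. Because the signer name is still the literal "rsa" a few lines further down, nothing connects that hashing step to the signer choice once a second signer becomes selectable. Either move the hashing behind the ops table, or extend the comment to say that the signed payload for RSA is the string returned by sha256_fd(), with its length taken by strlen(), and that other signers receive the raw data.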
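Review bot: the new pkgsign_verify_data() wrapper (pkg.c, hunk at -143,6 +143,17) calls ctx->impl->pi_ops->pkgsign_verify_data with no NULL check, and nothing in pkgsign_new() requires an implementation to provide it, so an ops table that only sets pkgsign_verify_cert would crash here instead of failing verification. A check in the wrapper that returns false, or validation when the context is created, would make a missing callback fail closed. Two style points: the hunk adds a second blank line after the wrapper, and rsa_verify_cert() in rsa.c (hunk at -155,6 +141,34) still uses lseek(fd, 0, 0) while the new code in verify_pubsignature() uses SEEK_SET.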
From nobody Sat Jan 11 02:48:42 2025
Date: Sat, 11 Jan 2025 02:48:42 GMT
Message-Id: <202501110248.50B2mgdl066003@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: c56f6dae426c - stable/13 - Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c'
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: c56f6dae426c76bf060c1986fe9bdd4efbd13813
Auto-Submitted: auto-generated

The branch stable/13 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=c56f6dae426c76bf060c1986fe9bdd4efbd13813

commit c56f6dae426c76bf060c1986fe9bdd4efbd13813
Author:     Kyle Evans
AuthorDate: 2025-01-01 21:11:18 +0000
Commit:     Kyle Evans
CommitDate: 2025-01-11 02:48:29 +0000

    Add 'crypto/libecc/' from commit '736d663976d1768533badbf06581481d01fade4c'

    git-subtree-dir: crypto/libecc
    git-subtree-mainline: f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2
    git-subtree-split: 736d663976d1768533badbf06581481d01fade4c

    (cherry picked from commit f0865ec9906d5a18fa2a3b61381f22ce16e606ad)
---
crypto/libecc/.github/workflows/libecc_cifuzz.yml | 26 + .../.github/workflows/libecc_compilation_tests.yml | 57 + .../.github/workflows/libecc_crossarch_tests.yml | 55 + .../libecc/.github/workflows/libecc_examples.yml | 39 + .../.github/workflows/libecc_meson_build.yml | 37 + .../.github/workflows/libecc_python_tests.yml | 43 + .../.github/workflows/libecc_runtime_tests.yml | 39 + crypto/libecc/.gitignore | 4 + crypto/libecc/.travis.yml | 287 + crypto/libecc/LICENSE | 50 + crypto/libecc/Makefile | 175 + crypto/libecc/README.md | 1345 + crypto/libecc/build/.gitignore | 3 + crypto/libecc/common.mk | 349 + crypto/libecc/include/libecc/curves/aff_pt.h | 136 +
crypto/libecc/include/libecc/curves/curves.h | 31 + crypto/libecc/include/libecc/curves/curves_list.h | 248 + crypto/libecc/include/libecc/curves/ec_edwards.h | 39 + .../libecc/include/libecc/curves/ec_montgomery.h | 34 + crypto/libecc/include/libecc/curves/ec_params.h | 91 + crypto/libecc/include/libecc/curves/ec_shortw.h | 45 + .../libecc/curves/known/ec_params_bign256v1.h | 315 + .../libecc/curves/known/ec_params_bign384v1.h | 337 + .../libecc/curves/known/ec_params_bign512v1.h | 359 + .../curves/known/ec_params_brainpoolp192r1.h | 334 + .../curves/known/ec_params_brainpoolp192t1.h | 316 + .../curves/known/ec_params_brainpoolp224r1.h | 295 + .../curves/known/ec_params_brainpoolp224t1.h | 333 + .../curves/known/ec_params_brainpoolp256r1.h | 227 + .../curves/known/ec_params_brainpoolp256t1.h | 333 + .../curves/known/ec_params_brainpoolp320r1.h | 350 + .../curves/known/ec_params_brainpoolp320t1.h | 350 + .../curves/known/ec_params_brainpoolp384r1.h | 265 + .../curves/known/ec_params_brainpoolp384t1.h | 367 + .../curves/known/ec_params_brainpoolp512r1.h | 276 + .../curves/known/ec_params_brainpoolp512t1.h | 401 + .../libecc/curves/known/ec_params_external.h | 104 + .../libecc/curves/known/ec_params_frp256v1.h | 233 + .../libecc/curves/known/ec_params_gost256.h | 233 + .../libecc/curves/known/ec_params_gost512.h | 286 + ...c_params_gost_R3410_2001_CryptoPro_A_ParamSet.h | 315 + ...c_params_gost_R3410_2001_CryptoPro_B_ParamSet.h | 324 + ...c_params_gost_R3410_2001_CryptoPro_C_ParamSet.h | 333 + ...arams_gost_R3410_2001_CryptoPro_XchA_ParamSet.h | 315 + ...arams_gost_R3410_2001_CryptoPro_XchB_ParamSet.h | 333 + .../known/ec_params_gost_R3410_2001_TestParamSet.h | 324 + .../ec_params_gost_R3410_2012_256_paramSetA.h | 316 + .../ec_params_gost_R3410_2012_256_paramSetB.h | 315 + .../ec_params_gost_R3410_2012_256_paramSetC.h | 324 + .../ec_params_gost_R3410_2012_256_paramSetD.h | 333 + .../ec_params_gost_R3410_2012_512_paramSetA.h | 359 + 
.../ec_params_gost_R3410_2012_512_paramSetB.h | 380 + .../ec_params_gost_R3410_2012_512_paramSetC.h | 359 + .../ec_params_gost_R3410_2012_512_paramSetTest.h | 401 + .../libecc/curves/known/ec_params_secp192k1.h | 307 + .../libecc/curves/known/ec_params_secp192r1.h | 312 + .../libecc/curves/known/ec_params_secp224k1.h | 320 + .../libecc/curves/known/ec_params_secp224r1.h | 279 + .../libecc/curves/known/ec_params_secp256k1.h | 318 + .../libecc/curves/known/ec_params_secp256r1.h | 227 + .../libecc/curves/known/ec_params_secp384r1.h | 250 + .../libecc/curves/known/ec_params_secp521r1.h | 327 + .../libecc/curves/known/ec_params_sm2p192test.h | 326 + .../libecc/curves/known/ec_params_sm2p256test.h | 349 + .../libecc/curves/known/ec_params_sm2p256v1.h | 350 + .../libecc/curves/known/ec_params_wei25519.h | 334 + .../include/libecc/curves/known/ec_params_wei448.h | 391 + crypto/libecc/include/libecc/curves/prj_pt.h | 88 + crypto/libecc/include/libecc/ecdh/ecccdh.h | 63 + crypto/libecc/include/libecc/ecdh/ecdh.h | 21 + crypto/libecc/include/libecc/ecdh/x25519_448.h | 62 + crypto/libecc/include/libecc/external_deps/print.h | 34 + crypto/libecc/include/libecc/external_deps/rand.h | 22 + crypto/libecc/include/libecc/external_deps/time.h | 23 + crypto/libecc/include/libecc/fp/fp.h | 98 + crypto/libecc/include/libecc/fp/fp_add.h | 26 + crypto/libecc/include/libecc/fp/fp_config.h | 25 + crypto/libecc/include/libecc/fp/fp_montgomery.h | 30 + crypto/libecc/include/libecc/fp/fp_mul.h | 26 + crypto/libecc/include/libecc/fp/fp_mul_redc1.h | 25 + crypto/libecc/include/libecc/fp/fp_pow.h | 22 + crypto/libecc/include/libecc/fp/fp_rand.h | 22 + crypto/libecc/include/libecc/fp/fp_sqrt.h | 25 + crypto/libecc/include/libecc/hash/bash.h | 162 + crypto/libecc/include/libecc/hash/bash224.h | 64 + crypto/libecc/include/libecc/hash/bash256.h | 64 + crypto/libecc/include/libecc/hash/bash384.h | 64 + crypto/libecc/include/libecc/hash/bash512.h | 64 + crypto/libecc/include/libecc/hash/belt-hash.h | 
164 + crypto/libecc/include/libecc/hash/hash_algs.h | 554 + crypto/libecc/include/libecc/hash/hmac.h | 38 + crypto/libecc/include/libecc/hash/keccak.h | 112 + crypto/libecc/include/libecc/hash/ripemd160.h | 73 + crypto/libecc/include/libecc/hash/sha2.h | 219 + crypto/libecc/include/libecc/hash/sha224.h | 79 + crypto/libecc/include/libecc/hash/sha256.h | 79 + crypto/libecc/include/libecc/hash/sha3-224.h | 69 + crypto/libecc/include/libecc/hash/sha3-256.h | 69 + crypto/libecc/include/libecc/hash/sha3-384.h | 69 + crypto/libecc/include/libecc/hash/sha3-512.h | 69 + crypto/libecc/include/libecc/hash/sha3.h | 46 + crypto/libecc/include/libecc/hash/sha384.h | 79 + crypto/libecc/include/libecc/hash/sha512-224.h | 71 + crypto/libecc/include/libecc/hash/sha512-256.h | 71 + crypto/libecc/include/libecc/hash/sha512.h | 71 + crypto/libecc/include/libecc/hash/sha512_core.h | 46 + crypto/libecc/include/libecc/hash/shake.h | 41 + crypto/libecc/include/libecc/hash/shake256.h | 68 + crypto/libecc/include/libecc/hash/sm3.h | 73 + crypto/libecc/include/libecc/hash/streebog.h | 1301 + crypto/libecc/include/libecc/hash/streebog256.h | 65 + crypto/libecc/include/libecc/hash/streebog512.h | 65 + crypto/libecc/include/libecc/lib_ecc_config.h | 134 + crypto/libecc/include/libecc/lib_ecc_types.h | 288 + crypto/libecc/include/libecc/libarith.h | 41 + crypto/libecc/include/libecc/libec.h | 30 + crypto/libecc/include/libecc/libsig.h | 37 + crypto/libecc/include/libecc/meson.build | 156 + crypto/libecc/include/libecc/nn/nn.h | 96 + crypto/libecc/include/libecc/nn/nn_add.h | 32 + crypto/libecc/include/libecc/nn/nn_config.h | 220 + crypto/libecc/include/libecc/nn/nn_div.h | 43 + crypto/libecc/include/libecc/nn/nn_div_public.h | 30 + crypto/libecc/include/libecc/nn/nn_logical.h | 34 + crypto/libecc/include/libecc/nn/nn_mod_pow.h | 23 + crypto/libecc/include/libecc/nn/nn_modinv.h | 26 + crypto/libecc/include/libecc/nn/nn_mul.h | 29 + crypto/libecc/include/libecc/nn/nn_mul_public.h | 24 + 
crypto/libecc/include/libecc/nn/nn_mul_redc1.h | 26 + crypto/libecc/include/libecc/nn/nn_rand.h | 24 + crypto/libecc/include/libecc/sig/bign.h | 40 + crypto/libecc/include/libecc/sig/bign_common.h | 101 + crypto/libecc/include/libecc/sig/bip0340.h | 73 + crypto/libecc/include/libecc/sig/dbign.h | 40 + crypto/libecc/include/libecc/sig/decdsa.h | 48 + crypto/libecc/include/libecc/sig/ec_key.h | 224 + crypto/libecc/include/libecc/sig/ecdsa.h | 48 + crypto/libecc/include/libecc/sig/ecdsa_common.h | 88 + crypto/libecc/include/libecc/sig/ecfsdsa.h | 94 + crypto/libecc/include/libecc/sig/ecgdsa.h | 85 + crypto/libecc/include/libecc/sig/eckcdsa.h | 84 + crypto/libecc/include/libecc/sig/ecosdsa.h | 69 + crypto/libecc/include/libecc/sig/ecrdsa.h | 85 + crypto/libecc/include/libecc/sig/ecsdsa.h | 81 + crypto/libecc/include/libecc/sig/ecsdsa_common.h | 51 + crypto/libecc/include/libecc/sig/eddsa.h | 134 + crypto/libecc/include/libecc/sig/fuzzing_ecdsa.h | 28 + crypto/libecc/include/libecc/sig/fuzzing_ecgdsa.h | 28 + crypto/libecc/include/libecc/sig/fuzzing_ecrdsa.h | 28 + crypto/libecc/include/libecc/sig/sig_algs.h | 113 + .../libecc/include/libecc/sig/sig_algs_internal.h | 650 + crypto/libecc/include/libecc/sig/sm2.h | 83 + crypto/libecc/include/libecc/utils/dbg_sig.h | 61 + crypto/libecc/include/libecc/utils/print_buf.h | 18 + crypto/libecc/include/libecc/utils/print_curves.h | 28 + crypto/libecc/include/libecc/utils/print_fp.h | 28 + crypto/libecc/include/libecc/utils/print_keys.h | 26 + crypto/libecc/include/libecc/utils/print_nn.h | 24 + crypto/libecc/include/libecc/utils/utils.h | 196 + crypto/libecc/include/libecc/utils/utils_rand.h | 22 + crypto/libecc/include/libecc/words/types.h | 163 + crypto/libecc/include/libecc/words/words.h | 129 + crypto/libecc/include/libecc/words/words_16.h | 73 + crypto/libecc/include/libecc/words/words_32.h | 73 + crypto/libecc/include/libecc/words/words_64.h | 74 + crypto/libecc/meson.build | 282 + crypto/libecc/meson.options | 127 + 
crypto/libecc/scripts/crossbuild.sh | 315 + crypto/libecc/scripts/crossrun.sh | 124 + crypto/libecc/scripts/expand_libecc.py | 1956 + crypto/libecc/scripts/gen_curves_tests.sh | 89 + crypto/libecc/scripts/gen_openssl_curves_tests.sh | 52 + crypto/libecc/scripts/sha3.py | 115 + crypto/libecc/scripts/test_ec_utils.sh | 82 + crypto/libecc/src/arithmetic_tests/Makefile | 26 + .../libecc/src/arithmetic_tests/arithmetic_tests.c | 1233 + .../arithmetic_tests/arithmetic_tests_generator.py | 2009 + crypto/libecc/src/curves/aff_pt.c | 346 + crypto/libecc/src/curves/aff_pt_edwards.c | 855 + crypto/libecc/src/curves/aff_pt_montgomery.c | 579 + crypto/libecc/src/curves/curves.c | 256 + crypto/libecc/src/curves/ec_edwards.c | 79 + crypto/libecc/src/curves/ec_montgomery.c | 85 + crypto/libecc/src/curves/ec_params.c | 194 + crypto/libecc/src/curves/ec_shortw.c | 107 + crypto/libecc/src/curves/meson.build | 11 + crypto/libecc/src/curves/prj_pt.c | 2113 + crypto/libecc/src/ecdh/ecccdh.c | 242 + crypto/libecc/src/ecdh/meson.build | 4 + crypto/libecc/src/ecdh/x25519_448.c | 435 + crypto/libecc/src/examples/Makefile | 50 + crypto/libecc/src/examples/basic/Makefile | 43 + .../src/examples/basic/curve_basic_examples.c | 401 + crypto/libecc/src/examples/basic/curve_ecdh.c | 284 + .../libecc/src/examples/basic/fp_square_residue.c | 131 + crypto/libecc/src/examples/basic/nn_miller_rabin.c | 223 + crypto/libecc/src/examples/basic/nn_pollard_rho.c | 259 + crypto/libecc/src/examples/hash/Makefile | 37 + crypto/libecc/src/examples/hash/gostr34_11_94.c | 631 + crypto/libecc/src/examples/hash/gostr34_11_94.h | 193 + crypto/libecc/src/examples/hash/hash.c | 510 + crypto/libecc/src/examples/hash/hash.h | 106 + crypto/libecc/src/examples/hash/md2.c | 228 + crypto/libecc/src/examples/hash/md2.h | 63 + crypto/libecc/src/examples/hash/md4.c | 264 + crypto/libecc/src/examples/hash/md4.h | 136 + crypto/libecc/src/examples/hash/md5.c | 265 + crypto/libecc/src/examples/hash/md5.h | 137 + 
crypto/libecc/src/examples/hash/mdc2.c | 305 + crypto/libecc/src/examples/hash/mdc2.h | 102 + crypto/libecc/src/examples/hash/sha0.c | 264 + crypto/libecc/src/examples/hash/sha0.h | 135 + crypto/libecc/src/examples/hash/sha1.c | 264 + crypto/libecc/src/examples/hash/sha1.h | 135 + crypto/libecc/src/examples/hash/tdes.c | 492 + crypto/libecc/src/examples/hash/tdes.h | 77 + crypto/libecc/src/examples/sig/Makefile | 52 + crypto/libecc/src/examples/sig/common/common.h | 248 + crypto/libecc/src/examples/sig/dsa/Makefile | 34 + crypto/libecc/src/examples/sig/dsa/dsa.c | 555 + crypto/libecc/src/examples/sig/dsa/dsa.h | 75 + .../libecc/src/examples/sig/gostr34_10_94/Makefile | 34 + .../src/examples/sig/gostr34_10_94/gostr34_10_94.c | 521 + .../src/examples/sig/gostr34_10_94/gostr34_10_94.h | 72 + crypto/libecc/src/examples/sig/kcdsa/Makefile | 37 + crypto/libecc/src/examples/sig/kcdsa/kcdsa.c | 759 + crypto/libecc/src/examples/sig/kcdsa/kcdsa.h | 72 + crypto/libecc/src/examples/sig/rsa/Makefile | 36 + crypto/libecc/src/examples/sig/rsa/rsa.c | 2057 + crypto/libecc/src/examples/sig/rsa/rsa.h | 187 + .../libecc/src/examples/sig/rsa/rsa_pkcs1_tests.h | 111724 +++ crypto/libecc/src/examples/sig/rsa/rsa_tests.h | 215 + crypto/libecc/src/examples/sig/sdsa/Makefile | 34 + crypto/libecc/src/examples/sig/sdsa/sdsa.c | 467 + crypto/libecc/src/examples/sig/sdsa/sdsa.h | 72 + crypto/libecc/src/examples/sss/Makefile | 44 + crypto/libecc/src/examples/sss/sss.c | 772 + crypto/libecc/src/examples/sss/sss.h | 98 + crypto/libecc/src/examples/sss/sss_private.h | 30 + crypto/libecc/src/external_deps/meson.build | 5 + crypto/libecc/src/external_deps/print.c | 31 + crypto/libecc/src/external_deps/rand.c | 121 + crypto/libecc/src/external_deps/time.c | 72 + crypto/libecc/src/fp/fp.c | 470 + crypto/libecc/src/fp/fp_add.c | 140 + crypto/libecc/src/fp/fp_montgomery.c | 91 + crypto/libecc/src/fp/fp_mul.c | 138 + crypto/libecc/src/fp/fp_mul_redc1.c | 112 + crypto/libecc/src/fp/fp_pow.c | 79 + 
crypto/libecc/src/fp/fp_rand.c | 34 + crypto/libecc/src/fp/fp_sqrt.c | 281 + crypto/libecc/src/fp/meson.build | 10 + crypto/libecc/src/hash/bash.c | 138 + crypto/libecc/src/hash/bash224.c | 110 + crypto/libecc/src/hash/bash256.c | 110 + crypto/libecc/src/hash/bash384.c | 114 + crypto/libecc/src/hash/bash512.c | 110 + crypto/libecc/src/hash/belt-hash.c | 471 + crypto/libecc/src/hash/hash_algs.c | 429 + crypto/libecc/src/hash/hmac.c | 185 + crypto/libecc/src/hash/meson.build | 27 + crypto/libecc/src/hash/ripemd160.c | 348 + crypto/libecc/src/hash/sha224.c | 250 + crypto/libecc/src/hash/sha256.c | 241 + crypto/libecc/src/hash/sha3-224.c | 115 + crypto/libecc/src/hash/sha3-256.c | 115 + crypto/libecc/src/hash/sha3-384.c | 119 + crypto/libecc/src/hash/sha3-512.c | 115 + crypto/libecc/src/hash/sha3.c | 116 + crypto/libecc/src/hash/sha384.c | 255 + crypto/libecc/src/hash/sha512-224.c | 124 + crypto/libecc/src/hash/sha512-256.c | 124 + crypto/libecc/src/hash/sha512.c | 125 + crypto/libecc/src/hash/sha512_core.c | 189 + crypto/libecc/src/hash/shake.c | 103 + crypto/libecc/src/hash/shake256.c | 96 + crypto/libecc/src/hash/sm3.c | 360 + crypto/libecc/src/hash/streebog.c | 344 + crypto/libecc/src/nn/meson.build | 11 + crypto/libecc/src/nn/nn.c | 608 + crypto/libecc/src/nn/nn_add.c | 613 + crypto/libecc/src/nn/nn_div.c | 1271 + crypto/libecc/src/nn/nn_div.h | 43 + crypto/libecc/src/nn/nn_logical.c | 577 + crypto/libecc/src/nn/nn_mod_pow.c | 334 + crypto/libecc/src/nn/nn_modinv.c | 587 + crypto/libecc/src/nn/nn_mul.c | 197 + crypto/libecc/src/nn/nn_mul.h | 29 + crypto/libecc/src/nn/nn_mul_redc1.c | 342 + crypto/libecc/src/nn/nn_rand.c | 133 + crypto/libecc/src/sig/bign.c | 79 + crypto/libecc/src/sig/bign_common.c | 1001 + crypto/libecc/src/sig/bip0340.c | 1325 + crypto/libecc/src/sig/dbign.c | 115 + crypto/libecc/src/sig/decdsa.c | 121 + crypto/libecc/src/sig/ec_key.c | 620 + crypto/libecc/src/sig/ecdsa.c | 85 + crypto/libecc/src/sig/ecdsa_common.c | 1039 + 
crypto/libecc/src/sig/ecfsdsa.c | 1087 + crypto/libecc/src/sig/ecgdsa.c | 621 + crypto/libecc/src/sig/eckcdsa.c | 841 + crypto/libecc/src/sig/ecosdsa.c | 99 + crypto/libecc/src/sig/ecrdsa.c | 623 + crypto/libecc/src/sig/ecsdsa.c | 97 + crypto/libecc/src/sig/ecsdsa_common.c | 632 + crypto/libecc/src/sig/eddsa.c | 2935 + crypto/libecc/src/sig/fuzzing_ecdsa.c | 434 + crypto/libecc/src/sig/fuzzing_ecgdsa.c | 391 + crypto/libecc/src/sig/fuzzing_ecrdsa.c | 425 + crypto/libecc/src/sig/meson.build | 26 + crypto/libecc/src/sig/sig_algs.c | 1112 + crypto/libecc/src/sig/sm2.c | 724 + crypto/libecc/src/tests/bign_test_vectors.h | 448 + crypto/libecc/src/tests/bip0340_test_vectors.h | 204 + crypto/libecc/src/tests/dbign_test_vectors.h | 232 + crypto/libecc/src/tests/decdsa_test_vectors.h | 1362 + crypto/libecc/src/tests/ec_self_tests.c | 302 + crypto/libecc/src/tests/ec_self_tests.h | 21 + crypto/libecc/src/tests/ec_self_tests_core.c | 1975 + crypto/libecc/src/tests/ec_self_tests_core.h | 5757 + crypto/libecc/src/tests/ec_utils.c | 1878 + crypto/libecc/src/tests/ecccdh_test_vectors.h | 3750 + crypto/libecc/src/tests/ed25519_test_vectors.h | 24610 + crypto/libecc/src/tests/ed25519ctx_test_vectors.h | 138 + crypto/libecc/src/tests/ed25519ph_test_vectors.h | 45 + crypto/libecc/src/tests/ed448_test_vectors.h | 317 + crypto/libecc/src/tests/ed448ph_test_vectors.h | 74 + crypto/libecc/src/tests/meson.build | 55 + crypto/libecc/src/tests/x25519_test_vectors.h | 142 + crypto/libecc/src/tests/x448_test_vectors.h | 75 + crypto/libecc/src/utils/meson.build | 15 + crypto/libecc/src/utils/print_buf.c | 31 + crypto/libecc/src/utils/print_curves.c | 76 + crypto/libecc/src/utils/print_fp.c | 65 + crypto/libecc/src/utils/print_keys.c | 42 + crypto/libecc/src/utils/print_nn.c | 37 + crypto/libecc/src/utils/utils.c | 233 + crypto/libecc/src/utils/utils_rand.c | 51 + crypto/libecc/src/utils/utils_rand.h | 22 + crypto/libecc/src/wycheproof_tests/Makefile | 17 + 
.../src/wycheproof_tests/libecc_wycheproof.c | 838 + .../src/wycheproof_tests/libecc_wycheproof.h | 151 + .../src/wycheproof_tests/libecc_wycheproof_tests.h | 728074 ++++++++++++++++++ crypto/libecc/support/meson/armv7em-noneabi.ini | 17 + 344 files changed, 959066 insertions(+) diff --git a/crypto/libecc/.github/workflows/libecc_cifuzz.yml b/crypto/libecc/.github/workflows/libecc_cifuzz.yml new file mode 100644 index 000000000000..d315da238fc6 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_cifuzz.yml @@ -0,0 +1,26 @@ +name: CIFuzz +on: [pull_request] +jobs: + Fuzzing: + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'libecc' + dry-run: false + language: c++ + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'libecc' + fuzz-seconds: 300 + dry-run: false + language: c++ + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts diff --git a/crypto/libecc/.github/workflows/libecc_compilation_tests.yml b/crypto/libecc/.github/workflows/libecc_compilation_tests.yml new file mode 100644 index 000000000000..76aae957f362 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_compilation_tests.yml 
@@ -0,0 +1,57 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + compilation_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang, g++, clang++] + blinding: [0, 1] + complete: [0, 1] + ladder: [0, 1] + cryptofuzz: [0, 1] + optflags: ["-O3", "-O2", "-O1"] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc compilation tests + - name: libecc compilation tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + COMPLETE: ${{ matrix.complete }} + LADDER: ${{ matrix.ladder }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + EXTRA_LIB_CFLAGS: ${{ matrix.optflags }} + EXTRA_BIN_CFLAGS: ${{ matrix.optflags }} + shell: bash + run: | + # Compilation tests of all cases + # + make && cd src/arithmetic_tests/ && make clean && make bin && make clean && cd -; + cd src/examples/ && make clean && make && cd - && make clean; + make 16; + cd src/examples/ && make clean && make 16 && cd - && make clean; + make 32; + cd src/examples/ && make clean && make 32 && cd - && make clean; + make 64; + cd src/examples/ && make clean && make 64 && cd - && make clean; + # We perform one test with the sanitizers + USE_SANITIZERS=1 make; + cd src/examples/ && make clean && USE_SANITIZERS=1 make && cd - && make clean; + # + make debug; + cd src/examples/ && make clean && make debug && cd - && make clean; + make debug16; + cd src/examples/ && make clean && make debug16 && cd - && make clean; + make debug32; + cd src/examples/ && make clean && make debug32 && cd - && make clean; + make debug64; + cd src/examples/ && make clean && make debug64 && cd - && make clean; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml b/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml new file mode 100644 index 000000000000..93dbca1b5719 --- /dev/null 
+++ b/crypto/libecc/.github/workflows/libecc_crossarch_tests.yml 
@@ -0,0 +1,55 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + cross_arch_tests: + runs-on: ubuntu-20.04 + strategy: + #max-parallel: 10 + matrix: + blinding: [0, 1] + complete: [1] + ladder: [1] + #cross_target: [arm-linux-gnueabi, arm-linux-gnueabihf, aarch64-linux-gnu, powerpc64le-linux-gnu, mipsel-linux-gnu, i686-w64-mingw32, x86_64-w64-mingw32, i386-apple-darwin, x86_64-apple-darwin, x86_64h-apple-darwin] + cross_target: [arm-linux-gnueabi, arm-linux-gnueabihf, aarch64-linux-gnu, powerpc64le-linux-gnu, mipsel-linux-gnu, i686-w64-mingw32, x86_64-w64-mingw32] + cross_size: [16, 32, 64] + steps: + # Add swap because of possible out of memory issues + - name: Set Swap Space + uses: pierotofy/set-swap-space@master + with: + swap-size-gb: 10 + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # Cross build and cross run tests + - name: libecc cross-arch tests + env: + BLINDING: ${{ matrix.blinding }} + COMPLETE: ${{ matrix.complete }} + LADDER: ${{ matrix.ladder }} + CROSS_TARGET: ${{ matrix.cross_target }} + CROSS_SIZE: ${{ matrix.cross_size }} + CRYPTOFUZZ: 1 + shell: bash + run: | + # Install stuff + sudo apt-get update; + # This oddity is due to ubuntu (18.04 and 20.04) issue with wine32 in + # githbub actions runners ... + sudo apt-get -y install software-properties-common; + sudo apt-add-repository "ppa:ondrej/php" -y; + sudo dpkg --add-architecture i386; + sudo apt-get update; + sudo apt-get -y install qemu-user-static wine-stable wine32 wine64; + # Cross build jobs + docker pull multiarch/crossbuild; + sh scripts/crossbuild.sh -triplet "${CROSS_TARGET}" "${CROSS_SIZE}"; + # Check for errors + [ ! -z "$(ls -A scripts/crossbuild_out/error_log/)" ] && exit -1; + # Test generated cross binaries through qemu-static; + sh scripts/crossrun.sh -triplet "${CROSS_TARGET}" "${CROSS_SIZE}"; + continue-on-error: false 
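Review bot: the `Set Swap Space` step uses `pierotofy/set-swap-space@master`, a third-party action referenced by a mutable branch. The run script also pulls `multiarch/crossbuild` with no tag or digest and adds `ppa:ondrej/php`. The code that executes on the runner can therefore change without any change to this file. Suggest pinning the action to a full commit SHA and the image to a digest, and installing the wine32 workaround packages from a source that can be pinned, or recording in the comment why this PPA is trusted. Separately, the check `[ ! -z "$(ls -A scripts/crossbuild_out/error_log/)" ] && exit -1;` treats a missing `error_log` directory the same as an empty one, because `ls` then writes nothing to stdout. A cross build that failed before creating the directory would pass this check. Test that the directory exists first, and prefer `exit 1` to `exit -1`.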
diff --git a/crypto/libecc/.github/workflows/libecc_examples.yml b/crypto/libecc/.github/workflows/libecc_examples.yml new file mode 100644 index 000000000000..f50e6da9ee60 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_examples.yml @@ -0,0 +1,39 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + examples: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang] + blinding: [0, 1] + cryptofuzz: [1] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc examples tests + - name: libecc examples tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + ASSERT_PRINT: 1 + # We want to parallelize self tests + OPENMP_SELF_TESTS: 1 + shell: bash + run: | + # Install OpenMP + sudo apt-get update; + sudo apt-get -y install libomp-dev; + # Compile and compile the tests + # + EXTRA_CFLAGS="-DUSER_NN_BIT_LEN=4096" make && cd src/examples/ && EXTRA_CFLAGS="-DUSER_NN_BIT_LEN=4096" make && ./sig/rsa/rsa && ./sig/dsa/dsa && ./sig/kcdsa/kcdsa && ./sig/sdsa/sdsa && ./sig/gostr34_10_94/gostr34_10_94 && ./sss/sss && ./basic/curve_basic_examples && ./basic/curve_ecdh && make clean && cd - && make clean; + make 32 && cd src/examples/ && make 32 && ./sss/sss && ./basic/curve_basic_examples && ./basic/curve_ecdh && make clean && cd - && make clean; + make 16 && cd src/examples/ && make 16 && ./sss/sss && ./basic/curve_basic_examples && ./basic/curve_ecdh && make clean && cd - && make clean; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_meson_build.yml b/crypto/libecc/.github/workflows/libecc_meson_build.yml new file mode 100644 index 000000000000..e942ae9c2470 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_meson_build.yml 
@@ -0,0 +1,37 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + compilation_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang, g++, clang++] + blinding: [0, 1] + complete: [0, 1] + ladder: [0, 1] + cryptofuzz: [0, 1] + optflags: ["-O3", "-O2", "-O1"] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc compilation tests using meson + - name: libecc meson compilation tests + shell: bash + run: | + sudo apt-get update; + sudo apt-get -y install python3-pip; + pip install meson; + pip install ninja; + pip install dunamai; + # Compilation tests of all cases + # + rm -rf builddir/ && meson setup -Dwith_wordsize=16 builddir && cd builddir && meson dist && cd -; + rm -rf builddir/ && meson setup -Dwith_wordsize=32 builddir && cd builddir && meson dist && cd -; + rm -rf builddir/ && meson setup -Dwith_wordsize=64 builddir && cd builddir && meson dist && cd -; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_python_tests.yml b/crypto/libecc/.github/workflows/libecc_python_tests.yml new file mode 100644 index 000000000000..895760f7369e --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_python_tests.yml 
@@ -0,0 +1,43 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + runtime_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang] + blinding: [0, 1] + cryptofuzz: [1] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc python tests + - name: libecc python tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + ASSERT_PRINT: 1 + # We want to parallelize self tests + OPENMP_SELF_TESTS: 1 + shell: bash + run: | + # Install Python2 and OpenMP + sudo apt-get update; + sudo apt-get -y install python2 libomp-dev; + # Test our Python libecc expanding script + # Python3 + echo "y" | python3 scripts/expand_libecc.py --remove-all && PYTHON=python3 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors rand; + # Clean + echo "y" | python3 scripts/expand_libecc.py --remove-all && make clean; + # Python2 + echo "y" | python2 scripts/expand_libecc.py --remove-all && PYTHON=python2 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors rand; + # Clean + echo "y" | python2 scripts/expand_libecc.py --remove-all && make clean; + continue-on-error: false diff --git a/crypto/libecc/.github/workflows/libecc_runtime_tests.yml b/crypto/libecc/.github/workflows/libecc_runtime_tests.yml new file mode 100644 index 000000000000..2432511a1be0 --- /dev/null +++ b/crypto/libecc/.github/workflows/libecc_runtime_tests.yml 
@@ -0,0 +1,39 @@ +name: libecc + +# Run this workflow every time a new commit pushed to your repository +on: push + +jobs: + runtime_tests: + runs-on: ubuntu-22.04 + strategy: + #max-parallel: 10 + matrix: + cc: [gcc, clang] + blinding: [1] + cryptofuzz: [1] + wordsize: [64, 32, 16] + steps: + # Checkout repository + - name: checkout repository + uses: actions/checkout@v2 + # Run actions + # libecc runtime tests + - name: libecc runtime tests + env: + CC: ${{ matrix.cc }} + BLINDING: ${{ matrix.blinding }} + CRYPTOFUZZ: ${{ matrix.cryptofuzz }} + ASSERT_PRINT: 1 + # We want to parallelize self tests + OPENMP_SELF_TESTS: 1 + WORDSIZE: ${{ matrix.wordsize }} + shell: bash + run: | + # Install OpenMP + sudo apt-get update; + sudo apt-get -y install libomp-dev; + # Vanilla tests + # + make "${WORDSIZE}" && ./build/ec_self_tests vectors rand; + continue-on-error: false diff --git a/crypto/libecc/.gitignore b/crypto/libecc/.gitignore new file mode 100644 index 000000000000..da8ab177478b --- /dev/null +++ b/crypto/libecc/.gitignore @@ -0,0 +1,4 @@ +*.o +*.d +*~ +*.su \ No newline at end of file diff --git a/crypto/libecc/.travis.yml b/crypto/libecc/.travis.yml new file mode 100644 index 000000000000..45f70324466f --- /dev/null +++ b/crypto/libecc/.travis.yml 
@@ -0,0 +1,287 @@ +language: c +os: linux +dist: + - bionic + +env: + global: + # COVERITY_SCAN_TOKEN + - secure: "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" + +before_install: + - echo -n | openssl s_client -connect https://scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- + + +addons: + apt: + update: true + packages: + - make + - gcc + - clang + - qemu-user-static + - wine-stable + - wine32 + - wine64 + - python3 + + coverity_scan: + project: + name: "rb-anssi/libecc_local" + description: "Build submitted via Travis CI of libecc" + notification_email: ryadbenadjila@gmail.com + build_command: make + branch_pattern: coverity_scan + +cache: + apt: true + +# We use docker for the cross-build +services: + - docker + +# All our jobs +env: + matrix: + # Python libecc expand script test + - TEST_PYTHON_EXPAND_SCRIPT=1 + # Vanilla tests (on native plaform) + - BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - CC=clang BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=0 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=1 COMPLETE=0 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=0 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + - CC=clang BLINDING=1 COMPLETE=1 CROSS_BUILD=0 LADDER=0 + # Cross compilation tests (using docker and qemu-static) + # arm-linux-gnueabi + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 
CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 
CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabi CROSS_SIZE=64 LADDER=0 + # arm-linux-gnueabihf + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - 
BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=arm-linux-gnueabihf CROSS_SIZE=64 LADDER=0 + # powerpc64le-linux-gnu + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 
CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=powerpc64le-linux-gnu CROSS_SIZE=64 LADDER=0 + # aarch64-linux-gnu + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 
LADDER=1 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=0 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=aarch64-linux-gnu CROSS_SIZE=64 LADDER=0 + # mipsel-linux-gnu + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=0 + - 
BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=mipsel-linux-gnu CROSS_SIZE=64 LADDER=0 + # i386-apple-darwin + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i386-apple-darwin CROSS_SIZE=64 LADDER=0 + # x86_64-apple-darwin + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 
CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-apple-darwin CROSS_SIZE=64 LADDER=0 + # x86_64h-apple-darwin + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=0 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64h-apple-darwin CROSS_SIZE=64 LADDER=0 + # i686-w64-mingw32 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 
CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=i686-w64-mingw32 CROSS_SIZE=64 LADDER=0 + # x86_64-w64-mingw32 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=1 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=16 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 
CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=32 LADDER=0 + - BLINDING=1 COMPLETE=0 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=0 + - BLINDING=1 COMPLETE=1 CROSS_BUILD=1 CROSS_TARGET=x86_64-w64-mingw32 CROSS_SIZE=64 LADDER=0 + +script: + # Coverity scan static analysis + - if [ "${COVERITY_SCAN_BRANCH}" == 1 ]; then make; fi + - if [ "${COVERITY_SCAN_BRANCH}" == 1 ]; then exit 0; fi + # Test our Python libecc expanding script + # Python2 + - if [ "${TEST_PYTHON_EXPAND_SCRIPT}" == 1 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then echo "y" | python2 scripts/expand_libecc.py --remove-all && PYTHON=python2 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors && ./build/ec_self_tests rand; fi; + # Python3 + - if [ "${TEST_PYTHON_EXPAND_SCRIPT}" == 1 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then echo "y" | python3 scripts/expand_libecc.py --remove-all && PYTHON=python3 sh scripts/gen_curves_tests.sh && make clean && make && ./build/ec_self_tests vectors && ./build/ec_self_tests rand; fi; + # Clean + - if [ "${TEST_PYTHON_EXPAND_SCRIPT}" == 1 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then echo "y" | python2 scripts/expand_libecc.py --remove-all && make clean; fi; + # Vanilla tests + - if [ "$TRAVIS_EVENT_TYPE" = "pull_request" ]; then git fetch origin refs/pull/${TRAVIS_PULL_REQUEST}/head && git checkout FETCH_HEAD; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make 16 && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make 16 && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 
0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make 16 && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make 32 && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make 32 && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make 32 && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make 64 && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make 64 && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make 64 && cd - && make clean; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make debug && ./build/ec_self_tests vectors && ./build/ec_self_tests rand && cd src/arithmetic_tests/ && make clean && make debug && make clean && cd -; fi + - if [ "${CROSS_BUILD}" = 0 ] && [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then cd src/examples/ && make clean && make debug && cd - && make clean; fi
*** 960508 LINES SKIPPED ***

From nobody Sat Jan 11 02:49:00 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Date: Sat, 11 Jan 2025 02:49:00 GMT
Message-Id: <202501110249.50B2n0CM066431@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: 8aeeab433170 - stable/14 - pkg: finish adding the ECC signer and signature type bits
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8aeeab4331704e6ce64b7c312932e1a4ac1ce7ec
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=8aeeab4331704e6ce64b7c312932e1a4ac1ce7ec

commit 8aeeab4331704e6ce64b7c312932e1a4ac1ce7ec
Author: Kyle Evans
AuthorDate: 2025-01-01 21:10:28 +0000
Commit: Kyle Evans
CommitDate: 2025-01-11 02:48:26 +0000

pkg: finish adding the ECC signer and signature type bits

Signature types need to be parsed out of the key/signature information that we are presented with from the files we download. We use that to understand which signer we need to dispatch to.

The ECC signer is more-or-less lifted from pkg(8), with some changes to slim it down for pkg(7).

Reviewed by: bapt

(cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e)
--- usr.sbin/pkg/Makefile | 7 +- usr.sbin/pkg/ecc.c | 606 ++++++++++++++++++++++++++++++++++++++++++++++++++ usr.sbin/pkg/pkg.c | 115 ++++++++-- usr.sbin/pkg/pkg.h | 3 + 4 files changed, 711 insertions(+), 20 deletions(-) diff --git a/usr.sbin/pkg/Makefile b/usr.sbin/pkg/Makefile index af0a4d57ee90..b44905ee4976 100644 --- a/usr.sbin/pkg/Makefile +++ b/usr.sbin/pkg/Makefile 
@@ -22,11 +22,14 @@ CONFSNAME_${PKGCONF}= ${PKGCONF:C/\.conf.+$/.conf/} CONFSDIR= /etc/pkg CONFSMODE= 644 PROG= pkg -SRCS= pkg.c rsa.c dns_utils.c config.c hash.c +SRCS= pkg.c rsa.c dns_utils.c config.c ecc.c hash.c MAN= pkg.7 CFLAGS+=-I${SRCTOP}/contrib/libucl/include .PATH: ${SRCTOP}/contrib/libucl/include -LIBADD= archive fetch ucl crypto ssl util md +LIBADD= archive der fetch pkgecc ucl crypto ssl util md + +CFLAGS+=-I${SRCTOP}/contrib/libder/libder +CFLAGS+=-I${SRCTOP}/crypto/libecc/include .include diff --git a/usr.sbin/pkg/ecc.c b/usr.sbin/pkg/ecc.c new file mode 100644 index 000000000000..01ce020bdba0 --- /dev/null +++ b/usr.sbin/pkg/ecc.c 
@@ -0,0 +1,606 @@ +/*- + * Copyright (c) 2011-2013 Baptiste Daroussin + * Copyright (c) 2011-2012 Julien Laffaye + * All rights reserved. + * Copyright (c) 2021 Kyle Evans + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#define WITH_STDLIB +#include +#undef WITH_STDLIB + +#include "pkg.h" +#include "hash.h" + +/* libpkg shim */ +#define STREQ(l, r) (strcmp(l, r) == 0) + +struct ecc_sign_ctx { + struct pkgsign_ctx sctx; + ec_params params; + ec_key_pair keypair; + ec_alg_type sig_alg; + hash_alg_type sig_hash; + bool loaded; +}; + +/* Grab the ossl context from a pkgsign_ctx. 
*/ +#define ECC_CCTX(c) (__containerof(c, const struct ecc_sign_ctx, sctx)) +#define ECC_CTX(c) (__containerof(c, struct ecc_sign_ctx, sctx)) + +#define PUBKEY_UNCOMPRESSED 0x04 + +#ifndef MAX +#define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + +static const uint8_t oid_ecpubkey[] = \ + { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }; + +static const uint8_t oid_secp[] = \ + { 0x2b, 0x81, 0x04, 0x00 }; +static const uint8_t oid_secp256k1[] = \ + { 0x2b, 0x81, 0x04, 0x00, 0x0a }; +static const uint8_t oid_brainpoolP[] = \ + { 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01 }; + +#define ENTRY(name, params) { #name, sizeof(#name) - 1, params } +static const struct pkgkey_map_entry { + const char *name; + size_t namesz; + const ec_str_params *params; +} pkgkey_map[] = { + ENTRY(WEI25519, &wei25519_str_params), + ENTRY(SECP256K1, &secp256k1_str_params), + ENTRY(SECP384R1, &secp384r1_str_params), + ENTRY(SECP512R1, &secp521r1_str_params), + ENTRY(BRAINPOOLP256R1, &brainpoolp256r1_str_params), + ENTRY(BRAINPOOLP256T1, &brainpoolp256t1_str_params), + ENTRY(BRAINPOOLP320R1, &brainpoolp320r1_str_params), + ENTRY(BRAINPOOLP320T1, &brainpoolp320t1_str_params), + ENTRY(BRAINPOOLP384R1, &brainpoolp384r1_str_params), + ENTRY(BRAINPOOLP384T1, &brainpoolp384t1_str_params), + ENTRY(BRAINPOOLP512R1, &brainpoolp512r1_str_params), + ENTRY(BRAINPOOLP512T1, &brainpoolp512t1_str_params), +}; + +static const char pkgkey_app[] = "pkg"; +static const char pkgkey_signer[] = "ecc"; + +static const ec_str_params * +ecc_pkgkey_params(const uint8_t *curve, size_t curvesz) +{ + const struct pkgkey_map_entry *entry; + + for (size_t i = 0; i < nitems(pkgkey_map); i++) { + entry = &pkgkey_map[i]; + if (curvesz != entry->namesz) + continue; + if (memcmp(curve, entry->name, curvesz) == 0) + return (entry->params); + } + + return (NULL); +} + +static int +ecc_read_pkgkey(struct libder_object *root, ec_params *params, int public, + uint8_t *rawkey, size_t *rawlen) +{ + struct libder_object *obj; + const uint8_t 
*data; + const ec_str_params *sparams; + size_t datasz; + int ret; + + if (libder_obj_type_simple(root) != BT_SEQUENCE) + return (1); + + /* Application */ + obj = libder_obj_child(root, 0); + if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != sizeof(pkgkey_app) - 1 || + memcmp(data, pkgkey_app, datasz) != 0) + return (1); + + /* Version */ + obj = libder_obj_child(root, 1); + if (obj == NULL || libder_obj_type_simple(obj) != BT_INTEGER) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != 1 || *data != 1 /* XXX */) + return (1); + + /* Signer */ + obj = libder_obj_child(root, 2); + if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != sizeof(pkgkey_signer) - 1 || + memcmp(data, pkgkey_signer, datasz) != 0) + return (1); + + /* KeyType (curve) */ + obj = libder_obj_child(root, 3); + if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING) + return (1); + data = libder_obj_data(obj, &datasz); + sparams = ecc_pkgkey_params(data, datasz); + if (sparams == NULL) + return (1); + + ret = import_params(params, sparams); + if (ret != 0) + return (1); + + /* Public? 
*/ + obj = libder_obj_child(root, 4); + if (obj == NULL || libder_obj_type_simple(obj) != BT_BOOLEAN) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != 1 || !data[0] != !public) + return (1); + + /* Key */ + obj = libder_obj_child(root, 5); + if (obj == NULL || libder_obj_type_simple(obj) != BT_BITSTRING) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz <= 2 || data[0] != 0 || data[1] != PUBKEY_UNCOMPRESSED) + return (1); + + data += 2; + datasz -= 2; + + if (datasz > *rawlen) + return (1); + + + memcpy(rawkey, data, datasz); + *rawlen = datasz; + + return (0); +} + +static int +ecc_extract_signature(const uint8_t *sig, size_t siglen, uint8_t *rawsig, + size_t rawlen) +{ + struct libder_ctx *ctx; + struct libder_object *obj, *root; + const uint8_t *sigdata; + size_t compsz, datasz, sigoff; + int rc; + + ctx = libder_open(); + if (ctx == NULL) + return (1); + + rc = 1; + root = libder_read(ctx, sig, &siglen); + if (root == NULL || libder_obj_type_simple(root) != BT_SEQUENCE) + goto out; + + /* Descend into the sequence's payload, extract both numbers. */ + compsz = rawlen / 2; + sigoff = 0; + for (int i = 0; i < 2; i++) { + obj = libder_obj_child(root, i); + if (libder_obj_type_simple(obj) != BT_INTEGER) + goto out; + + sigdata = libder_obj_data(obj, &datasz); + if (datasz < 2 || datasz > compsz + 1) + goto out; + + /* + * We may see an extra lead byte if our high bit of the first + * byte was set, since these numbers are positive by definition. + */ + if (sigdata[0] == 0 && (sigdata[1] & 0x80) != 0) { + sigdata++; + datasz--; + } + + /* Sanity check: don't overflow the output. */ + if (sigoff + datasz > rawlen) + goto out; + + /* Padding to the significant end if we're too small. */ + if (datasz < compsz) { + memset(&rawsig[sigoff], 0, compsz - datasz); + sigoff += compsz - datasz; + } + + memcpy(&rawsig[sigoff], sigdata, datasz); + sigoff += datasz; + } + + /* Sanity check: must have exactly the required # of signature bits. 
*/ + rc = (sigoff == rawlen) ? 0 : 1; + +out: + libder_obj_free(root); + libder_close(ctx); + return (rc); +} + +static int +ecc_extract_pubkey_string(const uint8_t *data, size_t datalen, uint8_t *rawkey, + size_t *rawlen) +{ + uint8_t prefix, usebit; + + if (datalen <= 2) + return (1); + + usebit = *data++; + datalen--; + + if (usebit != 0) + return (1); + + prefix = *data++; + datalen--; + + if (prefix != PUBKEY_UNCOMPRESSED) + return (1); + + if (datalen > *rawlen) + return (1); + + memcpy(rawkey, data, datalen); + *rawlen = datalen; + + return (0); +} + +static int +ecc_extract_key_params(const uint8_t *oid, size_t oidlen, + ec_params *rawparams) +{ + int ret; + + if (oidlen >= sizeof(oid_secp) && + memcmp(oid, oid_secp, sizeof(oid_secp)) >= 0) { + oid += sizeof(oid_secp); + oidlen -= sizeof(oid_secp); + + if (oidlen != 1) + return (1); + + ret = -1; + switch (*oid) { + case 0x0a: /* secp256k1 */ + ret = import_params(rawparams, &secp256k1_str_params); + break; + case 0x22: /* secp384r1 */ + ret = import_params(rawparams, &secp384r1_str_params); + break; + case 0x23: /* secp521r1 */ + ret = import_params(rawparams, &secp521r1_str_params); + break; + default: + return (1); + } + + if (ret == 0) + return (0); + return (1); + } + + if (oidlen >= sizeof(oid_brainpoolP) && + memcmp(oid, oid_brainpoolP, sizeof(oid_brainpoolP)) >= 0) { + oid += sizeof(oid_brainpoolP); + oidlen -= sizeof(oid_brainpoolP); + + if (oidlen != 1) + return (1); + + ret = -1; + switch (*oid) { + case 0x07: /* brainpoolP256r1 */ + ret = import_params(rawparams, &brainpoolp256r1_str_params); + break; + case 0x08: /* brainpoolP256t1 */ + ret = import_params(rawparams, &brainpoolp256t1_str_params); + break; + case 0x09: /* brainpoolP320r1 */ + ret = import_params(rawparams, &brainpoolp320r1_str_params); + break; + case 0x0a: /* brainpoolP320t1 */ + ret = import_params(rawparams, &brainpoolp320t1_str_params); + break; + case 0x0b: /* brainpoolP384r1 */ + ret = import_params(rawparams, 
&brainpoolp384r1_str_params); + break; + case 0x0c: /* brainpoolP384t1 */ + ret = import_params(rawparams, &brainpoolp384t1_str_params); + break; + case 0x0d: /* brainpoolP512r1 */ + ret = import_params(rawparams, &brainpoolp512r1_str_params); + break; + case 0x0e: /* brainpoolP512t1 */ + ret = import_params(rawparams, &brainpoolp512t1_str_params); + break; + default: + return (1); + } + + if (ret == 0) + return (0); + return (1); + } + +#ifdef ECC_DEBUG + for (size_t i = 0; i < oidlen; i++) { + fprintf(stderr, "%.02x ", oid[i]); + } + + fprintf(stderr, "\n"); +#endif + + return (1); +} + +/* + * On entry, *rawparams should point to an ec_params that we can import the + * key parameters to. We'll either do that, or we'll set it to NULL if we could + * not deduce the curve. + */ +static int +ecc_extract_pubkey(FILE *keyfp, const uint8_t *key, size_t keylen, + uint8_t *rawkey, size_t *rawlen, ec_params *rawparams) +{ + const uint8_t *oidp; + struct libder_ctx *ctx; + struct libder_object *keydata, *oid, *params, *root; + size_t oidsz; + int rc; + + ctx = libder_open(); + if (ctx == NULL) + return (1); + + rc = 1; + assert((keyfp != NULL) ^ (key != NULL)); + if (keyfp != NULL) { + root = libder_read_file(ctx, keyfp, &keylen); + } else { + root = libder_read(ctx, key, &keylen); + } + + if (root == NULL || libder_obj_type_simple(root) != BT_SEQUENCE) + goto out; + + params = libder_obj_child(root, 0); + + if (params == NULL) { + goto out; + } else if (libder_obj_type_simple(params) != BT_SEQUENCE) { + rc = ecc_read_pkgkey(root, rawparams, 1, rawkey, rawlen); + goto out; + } + + /* Is a sequence */ + keydata = libder_obj_child(root, 1); + if (keydata == NULL || libder_obj_type_simple(keydata) != BT_BITSTRING) + goto out; + + /* Key type */ + oid = libder_obj_child(params, 0); + if (oid == NULL || libder_obj_type_simple(oid) != BT_OID) + goto out; + + oidp = libder_obj_data(oid, &oidsz); + if (oidsz != sizeof(oid_ecpubkey) || + memcmp(oidp, oid_ecpubkey, oidsz) != 0) + 
return (1); + + /* Curve */ + oid = libder_obj_child(params, 1); + if (oid == NULL || libder_obj_type_simple(oid) != BT_OID) + goto out; + + oidp = libder_obj_data(oid, &oidsz); + if (ecc_extract_key_params(oidp, oidsz, rawparams) != 0) + goto out; + + /* Finally, peel off the key material */ + key = libder_obj_data(keydata, &keylen); + if (ecc_extract_pubkey_string(key, keylen, rawkey, rawlen) != 0) + goto out; + + rc = 0; +out: + libder_obj_free(root); + libder_close(ctx); + return (rc); +} + +struct ecc_verify_cbdata { + const struct pkgsign_ctx *sctx; + FILE *keyfp; + const unsigned char *key; + size_t keylen; + unsigned char *sig; + size_t siglen; +}; + +static int +ecc_verify_internal(struct ecc_verify_cbdata *cbdata, const uint8_t *hash, + size_t hashsz) +{ + ec_pub_key pubkey; + ec_params derparams; + const struct ecc_sign_ctx *keyinfo = ECC_CCTX(cbdata->sctx); + uint8_t keybuf[EC_PUB_KEY_MAX_SIZE]; + uint8_t rawsig[EC_MAX_SIGLEN]; + size_t keysz; + int ret; + uint8_t ecsiglen; + + keysz = MIN(sizeof(keybuf), cbdata->keylen / 2); + + keysz = sizeof(keybuf); + if (ecc_extract_pubkey(cbdata->keyfp, cbdata->key, cbdata->keylen, + keybuf, &keysz, &derparams) != 0) { + warnx("failed to parse key"); + return (1); + } + + ret = ec_get_sig_len(&derparams, keyinfo->sig_alg, keyinfo->sig_hash, + &ecsiglen); + if (ret != 0) + return (1); + + /* + * Signatures are DER-encoded, whether by OpenSSL or pkg. 
+ */ + if (ecc_extract_signature(cbdata->sig, cbdata->siglen, + rawsig, ecsiglen) != 0) { + warnx("failed to decode signature"); + return (1); + } + + ret = ec_pub_key_import_from_aff_buf(&pubkey, &derparams, + keybuf, keysz, keyinfo->sig_alg); + if (ret != 0) { + warnx("failed to import key"); + return (1); + } + + ret = ec_verify(rawsig, ecsiglen, &pubkey, hash, hashsz, keyinfo->sig_alg, + keyinfo->sig_hash, NULL, 0); + if (ret != 0) { + warnx("failed to verify signature"); + return (1); + } + + return (0); +} + +static bool +ecc_verify_data(const struct pkgsign_ctx *sctx, + const char *data, size_t datasz, const char *sigfile, + const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + int ret; + struct ecc_verify_cbdata cbdata; + + ret = 1; + + if (sigfile != NULL) { + cbdata.keyfp = fopen(sigfile, "r"); + if (cbdata.keyfp == NULL) { + warn("fopen: %s", sigfile); + return (false); + } + } else { + cbdata.keyfp = NULL; + cbdata.key = key; + cbdata.keylen = keylen; + } + + cbdata.sctx = sctx; + cbdata.sig = sig; + cbdata.siglen = siglen; + + ret = ecc_verify_internal(&cbdata, data, datasz); + + if (cbdata.keyfp != NULL) + fclose(cbdata.keyfp); + + return (ret == 0); +} + +static bool +ecc_verify_cert(const struct pkgsign_ctx *sctx, int fd, + const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + bool ret; + char *sha256; + + ret = false; + if (lseek(fd, 0, SEEK_SET) == -1) { + warn("lseek"); + return (false); + } + + if ((sha256 = sha256_fd(fd)) != NULL) { + ret = ecc_verify_data(sctx, sha256, strlen(sha256), sigfile, key, + keylen, sig, siglen); + free(sha256); + } + + return (ret); +} + +static int +ecc_new(const char *name __unused, struct pkgsign_ctx *sctx) +{ + struct ecc_sign_ctx *keyinfo = ECC_CTX(sctx); + int ret; + + ret = 1; + if (STREQ(name, "ecc") || STREQ(name, "eddsa")) { + keyinfo->sig_alg = EDDSA25519; + keyinfo->sig_hash = SHA512; + ret = import_params(&keyinfo->params, 
&wei25519_str_params); + } else if (STREQ(name, "ecdsa")) { + keyinfo->sig_alg = ECDSA; + keyinfo->sig_hash = SHA256; + ret = import_params(&keyinfo->params, &secp256k1_str_params); + } + + if (ret != 0) + return (1); + + return (0); +} + +const struct pkgsign_ops pkgsign_ecc = { + .pkgsign_ctx_size = sizeof(struct ecc_sign_ctx), + .pkgsign_new = ecc_new, + .pkgsign_verify_cert = ecc_verify_cert, + .pkgsign_verify_data = ecc_verify_data, +}; diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index c39e210e1040..9aa8d7dfe774 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c @@ -56,6 +56,8 @@ #include "config.h" #include "hash.h" +#define PKGSIGN_MARKER "$PKGSIGN:" + static const struct pkgsign_impl { const char *pi_name; const struct pkgsign_ops *pi_ops; @@ -64,6 +66,18 @@ static const struct pkgsign_impl { .pi_name = "rsa", .pi_ops = &pkgsign_rsa, }, + { + .pi_name = "ecc", + .pi_ops = &pkgsign_ecc, + }, + { + .pi_name = "ecdsa", + .pi_ops = &pkgsign_ecc, + }, + { + .pi_name = "eddsa", + .pi_ops = &pkgsign_ecc, + }, }; typedef enum { @@ -489,11 +503,41 @@ pkg_read_fd(int fd, size_t *osz) return (obuf); } +/* + * Returns a copy of the signature type stored on the heap, and advances *bufp + * past the type. + */ +static char * +parse_sigtype(char **bufp, size_t *bufszp) +{ + char *buf = *bufp; + char *endp; + char *sigtype; + size_t bufsz = *bufszp; + + if (bufsz <= sizeof(PKGSIGN_MARKER) - 1 || + strncmp(buf, PKGSIGN_MARKER, sizeof(PKGSIGN_MARKER) - 1) != 0) + goto dflt; + + buf += sizeof(PKGSIGN_MARKER) - 1; + endp = strchr(buf, '$'); + if (endp == NULL) + goto dflt; + + sigtype = strndup(buf, endp - buf); + *bufp = endp + 1; + *bufszp -= *bufp - buf; + + return (sigtype); +dflt: + return (strdup("rsa")); +} + static struct pubkey * read_pubkey(int fd) { struct pubkey *pk; - char *sigb; + char *osigb, *sigb, *sigtype; size_t sigsz; if (lseek(fd, 0, 0) == -1) { 
@@ -501,13 +545,15 @@ read_pubkey(int fd) return (NULL); } - sigb = pkg_read_fd(fd, &sigsz); + osigb = sigb = pkg_read_fd(fd, &sigsz); + sigtype = parse_sigtype(&sigb, &sigsz); pk = calloc(1, sizeof(struct pubkey)); pk->siglen = sigsz; pk->sig = calloc(1, pk->siglen); memcpy(pk->sig, sigb, pk->siglen); - free(sigb); + pk->sigtype = sigtype; + free(osigb); return (pk); } @@ -516,17 +562,18 @@ static struct sig_cert * parse_cert(int fd) { int my_fd; struct sig_cert *sc; - FILE *fp, *sigfp, *certfp, *tmpfp; + FILE *fp, *sigfp, *certfp, *tmpfp, *typefp; char *line; - char *sig, *cert; - size_t linecap, sigsz, certsz; + char *sig, *cert, *type; + size_t linecap, sigsz, certsz, typesz; ssize_t linelen; + bool end_seen; sc = NULL; line = NULL; linecap = 0; - sig = cert = NULL; - sigfp = certfp = tmpfp = NULL; + sig = cert = type = NULL; + sigfp = certfp = tmpfp = typefp = NULL; if (lseek(fd, 0, 0) == -1) { warn("lseek"); @@ -545,22 +592,30 @@ parse_cert(int fd) { return (NULL); } - sigsz = certsz = 0; + sigsz = certsz = typesz = 0; sigfp = open_memstream(&sig, &sigsz); if (sigfp == NULL) err(EXIT_FAILURE, "open_memstream()"); certfp = open_memstream(&cert, &certsz); if (certfp == NULL) err(EXIT_FAILURE, "open_memstream()"); + typefp = open_memstream(&type, &typesz); + if (typefp == NULL) + err(EXIT_FAILURE, "open_memstream()"); + end_seen = false; while ((linelen = getline(&line, &linecap, fp)) > 0) { if (strcmp(line, "SIGNATURE\n") == 0) { tmpfp = sigfp; continue; + } else if (strcmp(line, "TYPE\n") == 0) { + tmpfp = typefp; + continue; } else if (strcmp(line, "CERT\n") == 0) { tmpfp = certfp; continue; } else if (strcmp(line, "END\n") == 0) { + end_seen = true; break; } if (tmpfp != NULL) 
@@ -570,11 +625,28 @@ parse_cert(int fd) { fclose(fp); fclose(sigfp); fclose(certfp); + fclose(typefp); sc = calloc(1, sizeof(struct sig_cert)); sc->siglen = sigsz -1; /* Trim out unrelated trailing newline */ sc->sig = sig; + if (typesz == 0) { + sc->type = strdup("rsa"); + free(type); + } else { + assert(type[typesz - 1] == '\n'); + type[typesz - 1] = '\0'; + sc->type = type; + } + + /* + * cert could be DER-encoded rather than PEM, so strip off any trailing + * END marker if we ran over it. + */ + if (!end_seen && certsz > 4 && + strcmp(&cert[certsz - 4], "END\n") == 0) + certsz -= 4; sc->certlen = certsz; sc->cert = cert; @@ -611,16 +683,23 @@ verify_pubsignature(int fd_pkg, int fd_sig) goto cleanup; } - /* Future types shouldn't do this. */ - if ((data = sha256_fd(fd_pkg)) == NULL) { - warnx("Error creating SHA256 hash for package"); - goto cleanup; - } + if (strcmp(pk->sigtype, "rsa") == 0) { + /* Future types shouldn't do this. */ + if ((data = sha256_fd(fd_pkg)) == NULL) { + warnx("Error creating SHA256 hash for package"); + goto cleanup; + } - datasz = strlen(data); + datasz = strlen(data); + } else { + if ((data = pkg_read_fd(fd_pkg, &datasz)) == NULL) { + warnx("Failed to read package data"); + goto cleanup; + } + } - if (pkgsign_new("rsa", &sctx) != 0) { - warnx("Failed to fetch 'rsa' signer"); + if (pkgsign_new(pk->sigtype, &sctx) != 0) { + warnx("Failed to fetch '%s' signer", pk->sigtype); goto cleanup; } @@ -723,7 +802,7 @@ verify_signature(int fd_pkg, int fd_sig) goto cleanup; } - if (pkgsign_new("rsa", &sctx) != 0) { + if (pkgsign_new(sc->type, &sctx) != 0) { fprintf(stderr, "Failed to fetch 'rsa' signer\n"); goto cleanup; } diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index b9fe9b5fa566..f74f97ce795b 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -51,10 +51,12 @@ struct pkgsign_ops { pkgsign_verify_data_cb *pkgsign_verify_data; }; +extern const struct pkgsign_ops pkgsign_ecc; extern const struct pkgsign_ops pkgsign_rsa; struct sig_cert { char *name; + char *type; unsigned char *sig; int siglen; unsigned char *cert; 
@@ -63,6 +65,7 @@ struct sig_cert { }; struct pubkey { + char *sigtype; unsigned char *sig; int siglen; };
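Review bot: in ecc_verify_data() the `sigfile != NULL` branch sets only cbdata.keyfp, so cbdata.key and cbdata.keylen are uninitialized when the struct is handed to ecc_verify_internal(); zero-initialize cbdata or set both fields in that branch. The initial `ret = 1;` there is a dead store, and in ecc_new() the name parameter is marked __unused although it is compared with STREQ(). The "ecdsa" name is bound to secp256k1_str_params with SHA256, and a comment recording that pairing would help anyone generating keys for it.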
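Review bot: in parse_sigtype() the size update `*bufszp -= *bufp - buf;` runs after `buf` has already been advanced past PKGSIGN_MARKER, so it subtracts only the type name and the closing '$' and leaves *bufszp too large by sizeof(PKGSIGN_MARKER) - 1. read_pubkey() then uses that value in `memcpy(pk->sig, sigb, pk->siglen)`, which reads that many bytes past the data pkg_read_fd() reported. Compute the difference against the original *bufp (save it before advancing). The `strchr(buf, '$')` search is also not bounded by bufsz, so memchr() over the remaining length would keep it inside the buffer without relying on NUL termination, and the strndup()/strdup() results should be checked for NULL before pk->sigtype reaches strcmp() in verify_pubsignature().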
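Review bot: in parse_cert() `assert(type[typesz - 1] == '\n');` is applied to bytes read from the signature file, which is input rather than an invariant. A TYPE section whose last line has no trailing newline aborts the program, and in a build with NDEBUG the check disappears and the last byte of the type is overwritten silently. Replace the assert with an explicit test that fails the parse with warnx() and frees what was allocated.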
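Review bot: in verify_signature() the call now passes sc->type to pkgsign_new(), but the failure message still reads "Failed to fetch 'rsa' signer". Print sc->type there, as the verify_pubsignature() hunk does with pk->sigtype, so that an unknown TYPE in a signature file is reported accurately.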
Date: Sat, 11 Jan 2025 02:49:00 GMT Message-Id: <202501110249.50B2n0re066372@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: e993a99fd862 - stable/13 - secure: hook up libecc as libpkgecc List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: e993a99fd86267a6ea6a7925bf05d3f26730ee9c Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=e993a99fd86267a6ea6a7925bf05d3f26730ee9c commit e993a99fd86267a6ea6a7925bf05d3f26730ee9c Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:29 +0000 secure: hook up libecc as libpkgecc libecc is not intended to be general use, other applications should really be using openssl. pkg(7) uses libecc to align with the pkg(8) project and its goals. This will be used in the upcoming support for ECC in pkg(7). Reviewed by: emaste (cherry picked from commit 05427f4639bcf2703329a9be9d25ec09bb782742) --- secure/lib/Makefile | 2 +- secure/lib/libpkgecc/Makefile | 137 +++++++++++++++++++++++++++++++++ secure/lib/libpkgecc/pkg_libecc_rand.c | 22 ++++++ share/mk/src.libnames.mk | 4 + 4 files changed, 164 insertions(+), 1 deletion(-) diff --git a/secure/lib/Makefile b/secure/lib/Makefile index b4b586fa6585..bc659916e152 100644 --- a/secure/lib/Makefile +++ b/secure/lib/Makefile @@ -1,7 +1,7 @@ .include -SUBDIR= +SUBDIR= libpkgecc .if ${MK_OPENSSL} != "no" SUBDIR+=libcrypto libssl .if ${MK_OPENSSH} != "no" diff --git a/secure/lib/libpkgecc/Makefile b/secure/lib/libpkgecc/Makefile new file mode 100644 index 000000000000..476cd8635aeb --- /dev/null 
+++ b/secure/lib/libpkgecc/Makefile 
@@ -0,0 +1,137 @@ + +# STOP - This is not a general purpose library and is only for use by pkg(7) +# to align with the implementation in pkg(8). +LIB= pkgecc +INTERNALLIB= + +.PATH: $(SRCTOP)/crypto/libecc +SRCS+= pkg_libecc_rand.c + +# curves_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/curves +SRCS+= aff_pt.c \ + aff_pt_montgomery.c \ + ec_edwards.c \ + ec_montgomery.c \ + ec_params.c \ + ec_shortw.c \ + aff_pt_edwards.c \ + curves.c \ + prj_pt.c + +# utils_ec_src +.PATH: $(SRCTOP)/crypto/libecc/src/utils +SRCS+= print_curves.c + +# fp_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/fp +SRCS+= fp_add.c \ + fp.c \ + fp_montgomery.c \ + fp_mul.c \ + fp_mul_redc1.c \ + fp_pow.c \ + fp_rand.c \ + fp_sqrt.c + +# nn_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/nn +SRCS+= nn_add.c \ + nn.c \ + nn_div.c \ + nn_logical.c \ + nn_modinv.c \ + nn_mod_pow.c \ + nn_mul.c \ + nn_mul_redc1.c \ + nn_rand.c + +# utils_arith_src +SRCS+= utils.c \ + utils_rand.c \ + print_buf.c \ + print_fp.c \ + print_nn.c + +## libsign bits +# hash_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/hash +SRCS+= hash_algs.c \ + sm3.c \ + streebog.c \ + ripemd160.c \ + belt-hash.c \ + hmac.c \ + bash224.c \ + bash256.c \ + bash384.c \ + bash512.c \ + bash.c \ + sha224.c \ + sha256.c \ + sha3-224.c \ + sha3-256.c \ + sha3-384.c \ + sha3-512.c \ + sha384.c \ + sha3.c \ + sha512-224.c \ + sha512-256.c \ + sha512.c \ + sha512_core.c \ + shake256.c \ + shake.c + +# sig_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/sig +SRCS+= decdsa.c \ + ecdsa.c \ + ecfsdsa.c \ + ecgdsa.c \ + eckcdsa.c \ + ecosdsa.c \ + ecrdsa.c \ + ecsdsa.c \ + eddsa.c \ + fuzzing_ecdsa.c \ + fuzzing_ecgdsa.c \ + fuzzing_ecrdsa.c \ + ecdsa_common.c \ + ecsdsa_common.c \ + sig_algs.c \ + sm2.c \ + bign_common.c \ + bign.c \ + dbign.c \ + bip0340.c + +# key_mod_src +SRCS+= ec_key.c + +# utils_sign_src +.PATH: $(SRCTOP)/crypto/libecc/src/sig +SRCS+= print_keys.c + +# ecdh_mod_src +.PATH: $(SRCTOP)/crypto/libecc/src/ecdh +SRCS+= ecccdh.c \ + x25519_448.c 
+ +# external_deps +.PATH: $(SRCTOP)/crypto/libecc/src/external_deps +SRCS+= print.c + +CONFLICTS= -Dsha256_init=_libecc_sha256_init \ + -Dsha256_update=_libecc_sha256_update \ + -Dsha256_final=_libecc_sha256_final \ + -Dsha512_224_init=_libecc_sha512_224_init \ + -Dsha512_256_init=_libecc_sha512_256_init + +CFLAGS= -I$(SRCTOP)/crypto/libecc/include \ + -ffreestanding \ + -fno-builtin \ + -DUSE_WARN_UNUSED_RET \ + -DWITH_STDLIB \ + $(CONFLICTS) + +.include diff --git a/secure/lib/libpkgecc/pkg_libecc_rand.c b/secure/lib/libpkgecc/pkg_libecc_rand.c new file mode 100644 index 000000000000..c190c9094538 --- /dev/null +++ b/secure/lib/libpkgecc/pkg_libecc_rand.c @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: Unlicense */ +#include +#include + +#include + +int +get_random(unsigned char *buf, uint16_t len) +{ + + /* + * We need random numbers even in a sandbox, so we can't use + * /dev/urandom as the external_deps version of get_random() does on + * FreeBSD. arc4random_buf() is a better choice because it uses the + * underlying getrandom(2) instead of needing to open a device handle. + * + * We don't have any guarantees that this won't open a device on other + * platforms, but we also don't do any sandboxing on those platforms. + */ + arc4random_buf(buf, len); + return 0; +} diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index c372614037c7..aae78f1f5947 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -59,6 +59,7 @@ _INTERNALLIBS= \ parse \ pe \ pfctl \ + pkgecc \ pmcstat \ sl \ sm \ 
@@ -605,6 +606,9 @@ LIBAMU?= ${LIBAMUDIR}/libamu${PIE_SUFFIX}.a LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a +LIBPKGECCDIR= ${_LIB_OBJTOP}/secure/lib/libpkgecc +LIBPKGECC?= ${LIBPKGECCDIR}/libpkgecc${PIE_SUFFIX}.a + LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a
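Review bot: in secure/lib/libpkgecc/Makefile the flags are assigned with `CFLAGS=` rather than `CFLAGS+=`, which replaces the default and any previously set CFLAGS instead of extending them; use `CFLAGS+=` unless replacing them is intended, and say so in a comment if it is. The SRCS list also builds fuzzing_ecdsa.c, fuzzing_ecgdsa.c and fuzzing_ecrdsa.c along with every hash and signature scheme, while the header comment says the library exists only for pkg(7). If those objects are not required to link, trimming the list to what pkg(7) verifies would reduce the code sitting in a signature-checking path.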
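Review bot: in pkg_libecc_rand.c get_random() ends with `return 0;` where style(9) wants `return (0);`. The comment explaining why arc4random_buf() is used instead of /dev/urandom is worth keeping as is.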
Date: Sat, 11 Jan 2025 02:49:01 GMT Message-Id: <202501110249.50B2n1A8066521@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 4ce976c56fcb - stable/14 - shar: add a deprecation notice List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 4ce976c56fcb7a6687d956244f8ef7b37ca38025 Auto-Submitted: auto-generated The branch stable/14 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=4ce976c56fcb7a6687d956244f8ef7b37ca38025 commit 4ce976c56fcb7a6687d956244f8ef7b37ca38025 Author: Kyle Evans AuthorDate: 2025-01-02 02:15:36 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:26 +0000 shar: add a deprecation notice The shar(1) program is simple, but the fundamental idea of a sh archive is risky at best and one that we probably shouldn't be promoting as prominently as a program in $PATH and a manpage. Let's deprecate and remove it, since the same functionality can easily be found in tar(1) instead. Reviewed by: emaste, philip Reviewed by: allanjude, brooks, delphij, des, imp, rpokala (previous) (cherry picked from commit f68ee0e7a1e8732f725cad4ac708ec49093782d4) (cherry picked from commit 2832af7b4ea256b18ef4dbf2ff97a50765f0609a) --- usr.bin/shar/shar.1 | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/usr.bin/shar/shar.1 b/usr.bin/shar/shar.1 index 3a49c9ee06e3..9b74745970c9 100644 --- a/usr.bin/shar/shar.1 +++ b/usr.bin/shar/shar.1 
@@ -27,12 +27,29 @@ .\" .\" @(#)shar.1 8.1 (Berkeley) 6/6/93 .\" -.Dd January 31, 2019 +.Dd January 1, 2025 .Dt SHAR 1 .Os .Sh NAME .Nm shar .Nd create a shell archive of files +.Sh DEPRECATION NOTICE +.Nm +is obsolete and may not be present in +.Fx 15 +and later. +Because shell archives are simultaneously data and code and are typically +interpreted by +.Xr sh 1 , +they can easily be trojan-horsed and pose a significant security risk to users. +The +.Xr tar 1 +utility can still produce shar encodings of files if needed. +The +.Pa sysutils/freebsd-shar +port has been created to maintain this version of +.Nm +past its deprecation in base. .Sh SYNOPSIS .Nm .Ar
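Review bot: in the new DEPRECATION NOTICE the sentence saying tar(1) "can still produce shar encodings of files if needed" does not say how; name the relevant tar(1) option or point at the part of tar(1) that documents it. Since the paragraph gives interpretation by sh(1) as the risk, one more sentence telling readers to inspect an archive they did not create before running it would make the notice actionable.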
Received: (from git@localhost)
by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50B2n1v3066479; Sat, 11 Jan 2025 02:49:01 GMT (envelope-from git) Date: Sat, 11 Jan 2025 02:49:01 GMT Message-Id: <202501110249.50B2n1v3066479@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 14cf1cdf9a09 - stable/13 - pkg: pull rsa bits out of pkg.c List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 14cf1cdf9a099d47b8c80596b462696ebda1c11d Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=14cf1cdf9a099d47b8c80596b462696ebda1c11d commit 14cf1cdf9a099d47b8c80596b462696ebda1c11d Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:30 +0000 pkg: pull rsa bits out of pkg.c We'll eventually add a pkgsign abstraction over these similar to how we do in pkg(8), but start by isolating these parts. Reviewed by: bapt, emaste (cherry picked from commit 2629e90dd05fb69d767525f960101d7d055ffae0) --- usr.sbin/pkg/Makefile | 2 +- usr.sbin/pkg/pkg.c | 130 +----------------------------------------- usr.sbin/pkg/pkg.h | 50 ++++++++++++++++ usr.sbin/pkg/rsa.c | 155 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 207 insertions(+), 130 deletions(-) diff --git a/usr.sbin/pkg/Makefile b/usr.sbin/pkg/Makefile index 3e0e047382ca..af0a4d57ee90 100644 --- a/usr.sbin/pkg/Makefile +++ b/usr.sbin/pkg/Makefile 
@@ -22,7 +22,7 @@ CONFSNAME_${PKGCONF}= ${PKGCONF:C/\.conf.+$/.conf/} CONFSDIR= /etc/pkg CONFSMODE= 644 PROG= pkg -SRCS= pkg.c dns_utils.c config.c hash.c +SRCS= pkg.c rsa.c dns_utils.c config.c hash.c MAN= pkg.7 CFLAGS+=-I${SRCTOP}/contrib/libucl/include diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 1915893af283..3e5e52751e0d 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c @@ -49,27 +49,12 @@ #include #include -#include -#include +#include "pkg.h" #include "dns_utils.h" #include "config.h" #include "hash.h" -struct sig_cert { - char *name; - unsigned char *sig; - int siglen; - unsigned char *cert; - int certlen; - bool trusted; -}; - -struct pubkey { - unsigned char *sig; - int siglen; -}; - typedef enum { HASH_UNKNOWN, HASH_SHA256, 
@@ -399,119 +384,6 @@ load_fingerprints(const char *path, int *count) return (fingerprints); } -static EVP_PKEY * -load_public_key_file(const char *file) -{ - EVP_PKEY *pkey; - BIO *bp; - char errbuf[1024]; - - bp = BIO_new_file(file, "r"); - if (!bp) - errx(EXIT_FAILURE, "Unable to read %s", file); - - if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) - warnx("ici: %s", ERR_error_string(ERR_get_error(), errbuf)); - - BIO_free(bp); - - return (pkey); -} - -static EVP_PKEY * -load_public_key_buf(const unsigned char *cert, int certlen) -{ - EVP_PKEY *pkey; - BIO *bp; - char errbuf[1024]; - - bp = BIO_new_mem_buf(__DECONST(void *, cert), certlen); - - if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - - BIO_free(bp); - - return (pkey); -} - -static bool -rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, - int keylen, unsigned char *sig, int siglen) -{ - EVP_MD_CTX *mdctx; - EVP_PKEY *pkey; - char *sha256; - char errbuf[1024]; - bool ret; - - sha256 = NULL; - pkey = NULL; - mdctx = NULL; - ret = false; - - SSL_load_error_strings(); - - /* Compute SHA256 of the package. */ - if (lseek(fd, 0, 0) == -1) { - warn("lseek"); - goto cleanup; - } - if ((sha256 = sha256_fd(fd)) == NULL) { - warnx("Error creating SHA256 hash for package"); - goto cleanup; - } - - if (sigfile != NULL) { - if ((pkey = load_public_key_file(sigfile)) == NULL) { - warnx("Error reading public key"); - goto cleanup; - } - } else { - if ((pkey = load_public_key_buf(key, keylen)) == NULL) { - warnx("Error reading public key"); - goto cleanup; - } - } - - /* Verify signature of the SHA256(pkg) is valid. 
*/ - if ((mdctx = EVP_MD_CTX_create()) == NULL) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - - if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - if (EVP_DigestVerifyUpdate(mdctx, sha256, strlen(sha256)) != 1) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - - if (EVP_DigestVerifyFinal(mdctx, sig, siglen) != 1) { - warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); - goto error; - } - - ret = true; - printf("done\n"); - goto cleanup; - -error: - printf("failed\n"); - -cleanup: - free(sha256); - if (pkey) - EVP_PKEY_free(pkey); - if (mdctx) - EVP_MD_CTX_destroy(mdctx); - ERR_free_strings(); - - return (ret); -} - static struct pubkey * read_pubkey(int fd) { diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h new file mode 100644 index 000000000000..01f69f5a825b --- /dev/null +++ b/usr.sbin/pkg/pkg.h 
@@ -0,0 +1,50 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2012-2014 Baptiste Daroussin + * Copyright (c) 2013 Bryan Drewery + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _PKG_H +#define _PKG_H + +struct sig_cert { + char *name; + unsigned char *sig; + int siglen; + unsigned char *cert; + int certlen; + bool trusted; +}; + +struct pubkey { + unsigned char *sig; + int siglen; +}; + +bool rsa_verify_cert(int, const char *, const unsigned char *, int, + unsigned char *, int); + +#endif /* _PKG_H */ diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c new file mode 100644 index 000000000000..afc446a6ad06 --- /dev/null +++ b/usr.sbin/pkg/rsa.c 
@@ -0,0 +1,155 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2012-2014 Baptiste Daroussin + * Copyright (c) 2013 Bryan Drewery + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +#include + +#include +#include + +#include +#include + +#include "pkg.h" + +#include "config.h" +#include "hash.h" + +static EVP_PKEY * +load_public_key_file(const char *file) +{ + EVP_PKEY *pkey; + BIO *bp; + char errbuf[1024]; + + bp = BIO_new_file(file, "r"); + if (!bp) + errx(EXIT_FAILURE, "Unable to read %s", file); + + if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) + warnx("ici: %s", ERR_error_string(ERR_get_error(), errbuf)); + + BIO_free(bp); + + return (pkey); +} + +static EVP_PKEY * +load_public_key_buf(const unsigned char *cert, int certlen) +{ + EVP_PKEY *pkey; + BIO *bp; + char errbuf[1024]; + + bp = BIO_new_mem_buf(__DECONST(void *, cert), certlen); + + if ((pkey = PEM_read_bio_PUBKEY(bp, NULL, NULL, NULL)) == NULL) + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + + BIO_free(bp); + + return (pkey); +} + +bool +rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, + int keylen, unsigned char *sig, int siglen) +{ + EVP_MD_CTX *mdctx; + EVP_PKEY *pkey; + char *sha256; + char errbuf[1024]; + bool ret; + + sha256 = NULL; + pkey = NULL; + mdctx = NULL; + ret = false; + + SSL_load_error_strings(); + + /* Compute SHA256 of the package. */ + if (lseek(fd, 0, 0) == -1) { + warn("lseek"); + goto cleanup; + } + if ((sha256 = sha256_fd(fd)) == NULL) { + warnx("Error creating SHA256 hash for package"); + goto cleanup; + } + + if (sigfile != NULL) { + if ((pkey = load_public_key_file(sigfile)) == NULL) { + warnx("Error reading public key"); + goto cleanup; + } + } else { + if ((pkey = load_public_key_buf(key, keylen)) == NULL) { + warnx("Error reading public key"); + goto cleanup; + } + } + + /* Verify signature of the SHA256(pkg) is valid. 
*/ + if ((mdctx = EVP_MD_CTX_create()) == NULL) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + + if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + if (EVP_DigestVerifyUpdate(mdctx, sha256, strlen(sha256)) != 1) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + + if (EVP_DigestVerifyFinal(mdctx, sig, siglen) != 1) { + warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); + goto error; + } + + ret = true; + printf("done\n"); + goto cleanup; + +error: + printf("failed\n"); + +cleanup: + free(sha256); + if (pkey) + EVP_PKEY_free(pkey); + if (mdctx) + EVP_MD_CTX_destroy(mdctx); + ERR_free_strings(); + + return (ret); +} From nobody Sat Jan 11 02:49:02 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJb3sQMz5l4YL; Sat, 11 Jan 2025 02:49:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJZ5D3cz4Hl2; Sat, 11 Jan 2025 02:49:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563742; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+4AbTnQKVRvST/MxvFmnFYMYc6gWnNbR46o0/kgfslI=; b=QaEWtsYKEt2OPt1zIxL6fRmqVXxgYXcpnNxjfucFlTsknNUOdhCe8r7uGQxBYpQzfCObvP 
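Review bot: In load_public_key_buf() the result of BIO_new_mem_buf() goes straight into PEM_read_bio_PUBKEY() and BIO_free() with no NULL check, while load_public_key_file() does check BIO_new_file(); add the same check and return NULL so that an allocation failure surfaces through the caller's "Error reading public key" path. Two smaller points: the "ici: %s" prefix in the warnx() call in load_public_key_file() reads like leftover debugging text, and rsa_verify_cert() would benefit from a comment stating that the signature covers the hex string returned by sha256_fd() (hence the strlen(sha256) length), not the raw digest or the package bytes.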
(envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50B2n2lo066565; Sat, 11 Jan 2025 02:49:02 GMT (envelope-from git) Date: Sat, 11 Jan 2025 02:49:02 GMT Message-Id: <202501110249.50B2n2lo066565@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 9d25078d8121 - stable/13 - pkg: refactor out a pkg_read_fd() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 9d25078d81211b3a91021d12a19bca9231f0821d Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=9d25078d81211b3a91021d12a19bca9231f0821d commit 9d25078d81211b3a91021d12a19bca9231f0821d Author: Kyle Evans AuthorDate: 2025-01-01 21:10:28 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:30 +0000 pkg: refactor out a pkg_read_fd() We already have to do this for reading the pubkey, just pull it out for other uses. The ECC signer will use this to verify the bootstrap if the PUBKEY mechanism is used. Reviewed by: bapt, emaste (cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7) --- usr.sbin/pkg/pkg.c | 40 +++++++++++++++++++++++++++------------- usr.sbin/pkg/pkg.h | 2 ++ 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 3e5e52751e0d..56bced7b9c5f 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c 
@@ -384,32 +384,46 @@ load_fingerprints(const char *path, int *count) return (fingerprints); } +char * +pkg_read_fd(int fd, size_t *osz) +{ + char *obuf; + char buf[4096]; + FILE *fp; + ssize_t r; + + obuf = NULL; + *osz = 0; + fp = open_memstream(&obuf, osz); + if (fp == NULL) + err(EXIT_FAILURE, "open_memstream()"); + + while ((r = read(fd, buf, sizeof(buf))) >0) { + fwrite(buf, 1, r, fp); + } + + if (ferror(fp)) + errx(EXIT_FAILURE, "reading file"); + + fclose(fp); + + return (obuf); +} + static struct pubkey * read_pubkey(int fd) { struct pubkey *pk; char *sigb; size_t sigsz; - FILE *sig; - char buf[4096]; - int r; if (lseek(fd, 0, 0) == -1) { warn("lseek"); return (NULL); } - sigsz = 0; - sigb = NULL; - sig = open_memstream(&sigb, &sigsz); - if (sig == NULL) - err(EXIT_FAILURE, "open_memstream()"); - - while ((r = read(fd, buf, sizeof(buf))) >0) { - fwrite(buf, 1, r, sig); - } + sigb = pkg_read_fd(fd, &sigsz); - fclose(sig); pk = calloc(1, sizeof(struct pubkey)); pk->siglen = sigsz; pk->sig = calloc(1, pk->siglen); diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index 01f69f5a825b..faa2be6c8376 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -47,4 +47,6 @@ struct pubkey { bool rsa_verify_cert(int, const char *, const unsigned char *, int, unsigned char *, int); +char *pkg_read_fd(int fd, size_t *osz); + #endif /* _PKG_H */ From nobody Sat Jan 11 02:49:05 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJf4R9Vz5l4dX; Sat, 11 Jan 2025 02:49:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJf0g58z4HlT; Sat, 11 Jan 2025 02:49:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6CoufqSv8DiqbKwhQxfesOAt/JpVAiHVwJJc7SuefPs=; b=vWuVt5nPzoGkwMg0HXBwg0B55skvn1L8vVes/mpKHd+E0JaAPdQNRRsHpt/qz5tyEK+50D awsYJeed4/7UclyR4+DnieAgTYfTq5EkhQn4hC5cipTgyF23g1tCkcUnJmKqwSFuOjxkyI Fn31U2zJBE4OVUQl+ywhW/vHY+jNDJVVPED87SZ2qP3I+0472FQ8mKexFI/sRAvj4tBKnG 9x5Q7LmffhnW0JL1yzfbaXgNAkEqZWIxofob9LdMjzawejnIHmGHVTkzqyWt1Qexo8y8HC CqvDmKr4QdyA3jkhZFzbPl652oT0T08/7LGWslLZ7WQV06uLei5TD9sNDbmeSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; 
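Review bot: In pkg_read_fd() in pkg.c, a read(2) failure (r == -1) ends the while loop exactly like end-of-file, and the ferror(fp) test that follows only covers the memstream, so a truncated buffer is returned as if the whole file had been read. The commit message says this helper will feed bootstrap verification, so check r after the loop and fail there, for example with err(EXIT_FAILURE, "read"). The new prototype in pkg.h could also carry a one-line comment saying the caller owns the returned buffer and must free() it.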
Date: Sat, 11 Jan 2025 02:49:05 GMT Message-Id: <202501110249.50B2n55M066803@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: b5ae765d8244 - stable/13 - pkg: finish adding the ECC signer and signature type bits List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: b5ae765d824471bfd2d1b26a0b748d354d132a48 Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=b5ae765d824471bfd2d1b26a0b748d354d132a48 commit b5ae765d824471bfd2d1b26a0b748d354d132a48 Author: Kyle Evans AuthorDate: 2025-01-01 21:10:28 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:31 +0000 pkg: finish adding the ECC signer and signature type bits Signature types need to be parsed out of the key/signature information that we are presented with from the files we download. We use that to understand which signer we need to dispatch to. The ECC signer is more-or-less lifted from pkg(8), with some changes to slim it down for pkg(7). Reviewed by: bapt (cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e) --- usr.sbin/pkg/Makefile | 7 +- usr.sbin/pkg/ecc.c | 606 ++++++++++++++++++++++++++++++++++++++++++++++++++ usr.sbin/pkg/pkg.c | 115 ++++++++-- usr.sbin/pkg/pkg.h | 3 + 4 files changed, 711 insertions(+), 20 deletions(-) diff --git a/usr.sbin/pkg/Makefile b/usr.sbin/pkg/Makefile index af0a4d57ee90..b44905ee4976 100644 --- a/usr.sbin/pkg/Makefile +++ b/usr.sbin/pkg/Makefile
@@ -22,11 +22,14 @@ CONFSNAME_${PKGCONF}= ${PKGCONF:C/\.conf.+$/.conf/} CONFSDIR= /etc/pkg CONFSMODE= 644 PROG= pkg -SRCS= pkg.c rsa.c dns_utils.c config.c hash.c +SRCS= pkg.c rsa.c dns_utils.c config.c ecc.c hash.c MAN= pkg.7 CFLAGS+=-I${SRCTOP}/contrib/libucl/include .PATH: ${SRCTOP}/contrib/libucl/include -LIBADD= archive fetch ucl crypto ssl util md +LIBADD= archive der fetch pkgecc ucl crypto ssl util md + +CFLAGS+=-I${SRCTOP}/contrib/libder/libder +CFLAGS+=-I${SRCTOP}/crypto/libecc/include .include diff --git a/usr.sbin/pkg/ecc.c b/usr.sbin/pkg/ecc.c new file mode 100644 index 000000000000..01ce020bdba0 --- /dev/null +++ b/usr.sbin/pkg/ecc.c 
@@ -0,0 +1,606 @@ +/*- + * Copyright (c) 2011-2013 Baptiste Daroussin + * Copyright (c) 2011-2012 Julien Laffaye + * All rights reserved. + * Copyright (c) 2021 Kyle Evans + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#define WITH_STDLIB +#include +#undef WITH_STDLIB + +#include "pkg.h" +#include "hash.h" + +/* libpkg shim */ +#define STREQ(l, r) (strcmp(l, r) == 0) + +struct ecc_sign_ctx { + struct pkgsign_ctx sctx; + ec_params params; + ec_key_pair keypair; + ec_alg_type sig_alg; + hash_alg_type sig_hash; + bool loaded; +}; + +/* Grab the ossl context from a pkgsign_ctx. 
*/ +#define ECC_CCTX(c) (__containerof(c, const struct ecc_sign_ctx, sctx)) +#define ECC_CTX(c) (__containerof(c, struct ecc_sign_ctx, sctx)) + +#define PUBKEY_UNCOMPRESSED 0x04 + +#ifndef MAX +#define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + +static const uint8_t oid_ecpubkey[] = \ + { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }; + +static const uint8_t oid_secp[] = \ + { 0x2b, 0x81, 0x04, 0x00 }; +static const uint8_t oid_secp256k1[] = \ + { 0x2b, 0x81, 0x04, 0x00, 0x0a }; +static const uint8_t oid_brainpoolP[] = \ + { 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01 }; + +#define ENTRY(name, params) { #name, sizeof(#name) - 1, params } +static const struct pkgkey_map_entry { + const char *name; + size_t namesz; + const ec_str_params *params; +} pkgkey_map[] = { + ENTRY(WEI25519, &wei25519_str_params), + ENTRY(SECP256K1, &secp256k1_str_params), + ENTRY(SECP384R1, &secp384r1_str_params), + ENTRY(SECP512R1, &secp521r1_str_params), + ENTRY(BRAINPOOLP256R1, &brainpoolp256r1_str_params), + ENTRY(BRAINPOOLP256T1, &brainpoolp256t1_str_params), + ENTRY(BRAINPOOLP320R1, &brainpoolp320r1_str_params), + ENTRY(BRAINPOOLP320T1, &brainpoolp320t1_str_params), + ENTRY(BRAINPOOLP384R1, &brainpoolp384r1_str_params), + ENTRY(BRAINPOOLP384T1, &brainpoolp384t1_str_params), + ENTRY(BRAINPOOLP512R1, &brainpoolp512r1_str_params), + ENTRY(BRAINPOOLP512T1, &brainpoolp512t1_str_params), +}; + +static const char pkgkey_app[] = "pkg"; +static const char pkgkey_signer[] = "ecc"; + +static const ec_str_params * +ecc_pkgkey_params(const uint8_t *curve, size_t curvesz) +{ + const struct pkgkey_map_entry *entry; + + for (size_t i = 0; i < nitems(pkgkey_map); i++) { + entry = &pkgkey_map[i]; + if (curvesz != entry->namesz) + continue; + if (memcmp(curve, entry->name, curvesz) == 0) + return (entry->params); + } + + return (NULL); +} + +static int +ecc_read_pkgkey(struct libder_object *root, ec_params *params, int public, + uint8_t *rawkey, size_t *rawlen) +{ + struct libder_object *obj; + const uint8_t 
*data; + const ec_str_params *sparams; + size_t datasz; + int ret; + + if (libder_obj_type_simple(root) != BT_SEQUENCE) + return (1); + + /* Application */ + obj = libder_obj_child(root, 0); + if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != sizeof(pkgkey_app) - 1 || + memcmp(data, pkgkey_app, datasz) != 0) + return (1); + + /* Version */ + obj = libder_obj_child(root, 1); + if (obj == NULL || libder_obj_type_simple(obj) != BT_INTEGER) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != 1 || *data != 1 /* XXX */) + return (1); + + /* Signer */ + obj = libder_obj_child(root, 2); + if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != sizeof(pkgkey_signer) - 1 || + memcmp(data, pkgkey_signer, datasz) != 0) + return (1); + + /* KeyType (curve) */ + obj = libder_obj_child(root, 3); + if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING) + return (1); + data = libder_obj_data(obj, &datasz); + sparams = ecc_pkgkey_params(data, datasz); + if (sparams == NULL) + return (1); + + ret = import_params(params, sparams); + if (ret != 0) + return (1); + + /* Public? 
*/ + obj = libder_obj_child(root, 4); + if (obj == NULL || libder_obj_type_simple(obj) != BT_BOOLEAN) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz != 1 || !data[0] != !public) + return (1); + + /* Key */ + obj = libder_obj_child(root, 5); + if (obj == NULL || libder_obj_type_simple(obj) != BT_BITSTRING) + return (1); + data = libder_obj_data(obj, &datasz); + if (datasz <= 2 || data[0] != 0 || data[1] != PUBKEY_UNCOMPRESSED) + return (1); + + data += 2; + datasz -= 2; + + if (datasz > *rawlen) + return (1); + + + memcpy(rawkey, data, datasz); + *rawlen = datasz; + + return (0); +} + +static int +ecc_extract_signature(const uint8_t *sig, size_t siglen, uint8_t *rawsig, + size_t rawlen) +{ + struct libder_ctx *ctx; + struct libder_object *obj, *root; + const uint8_t *sigdata; + size_t compsz, datasz, sigoff; + int rc; + + ctx = libder_open(); + if (ctx == NULL) + return (1); + + rc = 1; + root = libder_read(ctx, sig, &siglen); + if (root == NULL || libder_obj_type_simple(root) != BT_SEQUENCE) + goto out; + + /* Descend into the sequence's payload, extract both numbers. */ + compsz = rawlen / 2; + sigoff = 0; + for (int i = 0; i < 2; i++) { + obj = libder_obj_child(root, i); + if (libder_obj_type_simple(obj) != BT_INTEGER) + goto out; + + sigdata = libder_obj_data(obj, &datasz); + if (datasz < 2 || datasz > compsz + 1) + goto out; + + /* + * We may see an extra lead byte if our high bit of the first + * byte was set, since these numbers are positive by definition. + */ + if (sigdata[0] == 0 && (sigdata[1] & 0x80) != 0) { + sigdata++; + datasz--; + } + + /* Sanity check: don't overflow the output. */ + if (sigoff + datasz > rawlen) + goto out; + + /* Padding to the significant end if we're too small. */ + if (datasz < compsz) { + memset(&rawsig[sigoff], 0, compsz - datasz); + sigoff += compsz - datasz; + } + + memcpy(&rawsig[sigoff], sigdata, datasz); + sigoff += datasz; + } + + /* Sanity check: must have exactly the required # of signature bits. 
*/ + rc = (sigoff == rawlen) ? 0 : 1; + +out: + libder_obj_free(root); + libder_close(ctx); + return (rc); +} + +static int +ecc_extract_pubkey_string(const uint8_t *data, size_t datalen, uint8_t *rawkey, + size_t *rawlen) +{ + uint8_t prefix, usebit; + + if (datalen <= 2) + return (1); + + usebit = *data++; + datalen--; + + if (usebit != 0) + return (1); + + prefix = *data++; + datalen--; + + if (prefix != PUBKEY_UNCOMPRESSED) + return (1); + + if (datalen > *rawlen) + return (1); + + memcpy(rawkey, data, datalen); + *rawlen = datalen; + + return (0); +} + +static int +ecc_extract_key_params(const uint8_t *oid, size_t oidlen, + ec_params *rawparams) +{ + int ret; + + if (oidlen >= sizeof(oid_secp) && + memcmp(oid, oid_secp, sizeof(oid_secp)) >= 0) { + oid += sizeof(oid_secp); + oidlen -= sizeof(oid_secp); + + if (oidlen != 1) + return (1); + + ret = -1; + switch (*oid) { + case 0x0a: /* secp256k1 */ + ret = import_params(rawparams, &secp256k1_str_params); + break; + case 0x22: /* secp384r1 */ + ret = import_params(rawparams, &secp384r1_str_params); + break; + case 0x23: /* secp521r1 */ + ret = import_params(rawparams, &secp521r1_str_params); + break; + default: + return (1); + } + + if (ret == 0) + return (0); + return (1); + } + + if (oidlen >= sizeof(oid_brainpoolP) && + memcmp(oid, oid_brainpoolP, sizeof(oid_brainpoolP)) >= 0) { + oid += sizeof(oid_brainpoolP); + oidlen -= sizeof(oid_brainpoolP); + + if (oidlen != 1) + return (1); + + ret = -1; + switch (*oid) { + case 0x07: /* brainpoolP256r1 */ + ret = import_params(rawparams, &brainpoolp256r1_str_params); + break; + case 0x08: /* brainpoolP256t1 */ + ret = import_params(rawparams, &brainpoolp256t1_str_params); + break; + case 0x09: /* brainpoolP320r1 */ + ret = import_params(rawparams, &brainpoolp320r1_str_params); + break; + case 0x0a: /* brainpoolP320t1 */ + ret = import_params(rawparams, &brainpoolp320t1_str_params); + break; + case 0x0b: /* brainpoolP384r1 */ + ret = import_params(rawparams, 
&brainpoolp384r1_str_params); + break; + case 0x0c: /* brainpoolP384t1 */ + ret = import_params(rawparams, &brainpoolp384t1_str_params); + break; + case 0x0d: /* brainpoolP512r1 */ + ret = import_params(rawparams, &brainpoolp512r1_str_params); + break; + case 0x0e: /* brainpoolP512t1 */ + ret = import_params(rawparams, &brainpoolp512t1_str_params); + break; + default: + return (1); + } + + if (ret == 0) + return (0); + return (1); + } + +#ifdef ECC_DEBUG + for (size_t i = 0; i < oidlen; i++) { + fprintf(stderr, "%.02x ", oid[i]); + } + + fprintf(stderr, "\n"); +#endif + + return (1); +} + +/* + * On entry, *rawparams should point to an ec_params that we can import the + * key parameters to. We'll either do that, or we'll set it to NULL if we could + * not deduce the curve. + */ +static int +ecc_extract_pubkey(FILE *keyfp, const uint8_t *key, size_t keylen, + uint8_t *rawkey, size_t *rawlen, ec_params *rawparams) +{ + const uint8_t *oidp; + struct libder_ctx *ctx; + struct libder_object *keydata, *oid, *params, *root; + size_t oidsz; + int rc; + + ctx = libder_open(); + if (ctx == NULL) + return (1); + + rc = 1; + assert((keyfp != NULL) ^ (key != NULL)); + if (keyfp != NULL) { + root = libder_read_file(ctx, keyfp, &keylen); + } else { + root = libder_read(ctx, key, &keylen); + } + + if (root == NULL || libder_obj_type_simple(root) != BT_SEQUENCE) + goto out; + + params = libder_obj_child(root, 0); + + if (params == NULL) { + goto out; + } else if (libder_obj_type_simple(params) != BT_SEQUENCE) { + rc = ecc_read_pkgkey(root, rawparams, 1, rawkey, rawlen); + goto out; + } + + /* Is a sequence */ + keydata = libder_obj_child(root, 1); + if (keydata == NULL || libder_obj_type_simple(keydata) != BT_BITSTRING) + goto out; + + /* Key type */ + oid = libder_obj_child(params, 0); + if (oid == NULL || libder_obj_type_simple(oid) != BT_OID) + goto out; + + oidp = libder_obj_data(oid, &oidsz); + if (oidsz != sizeof(oid_ecpubkey) || + memcmp(oidp, oid_ecpubkey, oidsz) != 0) + 
return (1); + + /* Curve */ + oid = libder_obj_child(params, 1); + if (oid == NULL || libder_obj_type_simple(oid) != BT_OID) + goto out; + + oidp = libder_obj_data(oid, &oidsz); + if (ecc_extract_key_params(oidp, oidsz, rawparams) != 0) + goto out; + + /* Finally, peel off the key material */ + key = libder_obj_data(keydata, &keylen); + if (ecc_extract_pubkey_string(key, keylen, rawkey, rawlen) != 0) + goto out; + + rc = 0; +out: + libder_obj_free(root); + libder_close(ctx); + return (rc); +} + +struct ecc_verify_cbdata { + const struct pkgsign_ctx *sctx; + FILE *keyfp; + const unsigned char *key; + size_t keylen; + unsigned char *sig; + size_t siglen; +}; + +static int +ecc_verify_internal(struct ecc_verify_cbdata *cbdata, const uint8_t *hash, + size_t hashsz) +{ + ec_pub_key pubkey; + ec_params derparams; + const struct ecc_sign_ctx *keyinfo = ECC_CCTX(cbdata->sctx); + uint8_t keybuf[EC_PUB_KEY_MAX_SIZE]; + uint8_t rawsig[EC_MAX_SIGLEN]; + size_t keysz; + int ret; + uint8_t ecsiglen; + + keysz = MIN(sizeof(keybuf), cbdata->keylen / 2); + + keysz = sizeof(keybuf); + if (ecc_extract_pubkey(cbdata->keyfp, cbdata->key, cbdata->keylen, + keybuf, &keysz, &derparams) != 0) { + warnx("failed to parse key"); + return (1); + } + + ret = ec_get_sig_len(&derparams, keyinfo->sig_alg, keyinfo->sig_hash, + &ecsiglen); + if (ret != 0) + return (1); + + /* + * Signatures are DER-encoded, whether by OpenSSL or pkg. 
+ */ + if (ecc_extract_signature(cbdata->sig, cbdata->siglen, + rawsig, ecsiglen) != 0) { + warnx("failed to decode signature"); + return (1); + } + + ret = ec_pub_key_import_from_aff_buf(&pubkey, &derparams, + keybuf, keysz, keyinfo->sig_alg); + if (ret != 0) { + warnx("failed to import key"); + return (1); + } + + ret = ec_verify(rawsig, ecsiglen, &pubkey, hash, hashsz, keyinfo->sig_alg, + keyinfo->sig_hash, NULL, 0); + if (ret != 0) { + warnx("failed to verify signature"); + return (1); + } + + return (0); +} + +static bool +ecc_verify_data(const struct pkgsign_ctx *sctx, + const char *data, size_t datasz, const char *sigfile, + const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + int ret; + struct ecc_verify_cbdata cbdata; + + ret = 1; + + if (sigfile != NULL) { + cbdata.keyfp = fopen(sigfile, "r"); + if (cbdata.keyfp == NULL) { + warn("fopen: %s", sigfile); + return (false); + } + } else { + cbdata.keyfp = NULL; + cbdata.key = key; + cbdata.keylen = keylen; + } + + cbdata.sctx = sctx; + cbdata.sig = sig; + cbdata.siglen = siglen; + + ret = ecc_verify_internal(&cbdata, data, datasz); + + if (cbdata.keyfp != NULL) + fclose(cbdata.keyfp); + + return (ret == 0); +} + +static bool +ecc_verify_cert(const struct pkgsign_ctx *sctx, int fd, + const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + bool ret; + char *sha256; + + ret = false; + if (lseek(fd, 0, SEEK_SET) == -1) { + warn("lseek"); + return (false); + } + + if ((sha256 = sha256_fd(fd)) != NULL) { + ret = ecc_verify_data(sctx, sha256, strlen(sha256), sigfile, key, + keylen, sig, siglen); + free(sha256); + } + + return (ret); +} + +static int +ecc_new(const char *name __unused, struct pkgsign_ctx *sctx) +{ + struct ecc_sign_ctx *keyinfo = ECC_CTX(sctx); + int ret; + + ret = 1; + if (STREQ(name, "ecc") || STREQ(name, "eddsa")) { + keyinfo->sig_alg = EDDSA25519; + keyinfo->sig_hash = SHA512; + ret = import_params(&keyinfo->params, 
&wei25519_str_params); + } else if (STREQ(name, "ecdsa")) { + keyinfo->sig_alg = ECDSA; + keyinfo->sig_hash = SHA256; + ret = import_params(&keyinfo->params, &secp256k1_str_params); + } + + if (ret != 0) + return (1); + + return (0); +} + +const struct pkgsign_ops pkgsign_ecc = { + .pkgsign_ctx_size = sizeof(struct ecc_sign_ctx), + .pkgsign_new = ecc_new, + .pkgsign_verify_cert = ecc_verify_cert, + .pkgsign_verify_data = ecc_verify_data, +}; diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 8980cca2bb2d..e7e0f6bf920d 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c @@ -56,6 +56,8 @@ #include "config.h" #include "hash.h" +#define PKGSIGN_MARKER "$PKGSIGN:" + static const struct pkgsign_impl { const char *pi_name; const struct pkgsign_ops *pi_ops; @@ -64,6 +66,18 @@ static const struct pkgsign_impl { .pi_name = "rsa", .pi_ops = &pkgsign_rsa, }, + { + .pi_name = "ecc", + .pi_ops = &pkgsign_ecc, + }, + { + .pi_name = "ecdsa", + .pi_ops = &pkgsign_ecc, + }, + { + .pi_name = "eddsa", + .pi_ops = &pkgsign_ecc, + }, }; typedef enum { @@ -487,11 +501,41 @@ pkg_read_fd(int fd, size_t *osz) return (obuf); } +/* + * Returns a copy of the signature type stored on the heap, and advances *bufp + * past the type. + */ +static char * +parse_sigtype(char **bufp, size_t *bufszp) +{ + char *buf = *bufp; + char *endp; + char *sigtype; + size_t bufsz = *bufszp; + + if (bufsz <= sizeof(PKGSIGN_MARKER) - 1 || + strncmp(buf, PKGSIGN_MARKER, sizeof(PKGSIGN_MARKER) - 1) != 0) + goto dflt; + + buf += sizeof(PKGSIGN_MARKER) - 1; + endp = strchr(buf, '$'); + if (endp == NULL) + goto dflt; + + sigtype = strndup(buf, endp - buf); + *bufp = endp + 1; + *bufszp -= *bufp - buf; + + return (sigtype); +dflt: + return (strdup("rsa")); +} + static struct pubkey * read_pubkey(int fd) { struct pubkey *pk; - char *sigb; + char *osigb, *sigb, *sigtype; size_t sigsz; if (lseek(fd, 0, 0) == -1) { 
@@ -499,13 +543,15 @@ read_pubkey(int fd) return (NULL); } - sigb = pkg_read_fd(fd, &sigsz); + osigb = sigb = pkg_read_fd(fd, &sigsz); + sigtype = parse_sigtype(&sigb, &sigsz); pk = calloc(1, sizeof(struct pubkey)); pk->siglen = sigsz; pk->sig = calloc(1, pk->siglen); memcpy(pk->sig, sigb, pk->siglen); - free(sigb); + pk->sigtype = sigtype; + free(osigb); return (pk); } @@ -514,17 +560,18 @@ static struct sig_cert * parse_cert(int fd) { int my_fd; struct sig_cert *sc; - FILE *fp, *sigfp, *certfp, *tmpfp; + FILE *fp, *sigfp, *certfp, *tmpfp, *typefp; char *line; - char *sig, *cert; - size_t linecap, sigsz, certsz; + char *sig, *cert, *type; + size_t linecap, sigsz, certsz, typesz; ssize_t linelen; + bool end_seen; sc = NULL; line = NULL; linecap = 0; - sig = cert = NULL; - sigfp = certfp = tmpfp = NULL; + sig = cert = type = NULL; + sigfp = certfp = tmpfp = typefp = NULL; if (lseek(fd, 0, 0) == -1) { warn("lseek"); @@ -543,22 +590,30 @@ parse_cert(int fd) { return (NULL); } - sigsz = certsz = 0; + sigsz = certsz = typesz = 0; sigfp = open_memstream(&sig, &sigsz); if (sigfp == NULL) err(EXIT_FAILURE, "open_memstream()"); certfp = open_memstream(&cert, &certsz); if (certfp == NULL) err(EXIT_FAILURE, "open_memstream()"); + typefp = open_memstream(&type, &typesz); + if (typefp == NULL) + err(EXIT_FAILURE, "open_memstream()"); + end_seen = false; while ((linelen = getline(&line, &linecap, fp)) > 0) { if (strcmp(line, "SIGNATURE\n") == 0) { tmpfp = sigfp; continue; + } else if (strcmp(line, "TYPE\n") == 0) { + tmpfp = typefp; + continue; } else if (strcmp(line, "CERT\n") == 0) { tmpfp = certfp; continue; } else if (strcmp(line, "END\n") == 0) { + end_seen = true; break; } if (tmpfp != NULL) 
@@ -568,11 +623,28 @@ parse_cert(int fd) { fclose(fp); fclose(sigfp); fclose(certfp); + fclose(typefp); sc = calloc(1, sizeof(struct sig_cert)); sc->siglen = sigsz -1; /* Trim out unrelated trailing newline */ sc->sig = sig; + if (typesz == 0) { + sc->type = strdup("rsa"); + free(type); + } else { + assert(type[typesz - 1] == '\n'); + type[typesz - 1] = '\0'; + sc->type = type; + } + + /* + * cert could be DER-encoded rather than PEM, so strip off any trailing + * END marker if we ran over it. + */ + if (!end_seen && certsz > 4 && + strcmp(&cert[certsz - 4], "END\n") == 0) + certsz -= 4; sc->certlen = certsz; sc->cert = cert; @@ -609,16 +681,23 @@ verify_pubsignature(int fd_pkg, int fd_sig) goto cleanup; } - /* Future types shouldn't do this. */ - if ((data = sha256_fd(fd_pkg)) == NULL) { - warnx("Error creating SHA256 hash for package"); - goto cleanup; - } + if (strcmp(pk->sigtype, "rsa") == 0) { + /* Future types shouldn't do this. */ + if ((data = sha256_fd(fd_pkg)) == NULL) { + warnx("Error creating SHA256 hash for package"); + goto cleanup; + } - datasz = strlen(data); + datasz = strlen(data); + } else { + if ((data = pkg_read_fd(fd_pkg, &datasz)) == NULL) { + warnx("Failed to read package data"); + goto cleanup; + } + } - if (pkgsign_new("rsa", &sctx) != 0) { - warnx("Failed to fetch 'rsa' signer"); + if (pkgsign_new(pk->sigtype, &sctx) != 0) { + warnx("Failed to fetch '%s' signer", pk->sigtype); goto cleanup; } @@ -721,7 +800,7 @@ verify_signature(int fd_pkg, int fd_sig) goto cleanup; } - if (pkgsign_new("rsa", &sctx) != 0) { + if (pkgsign_new(sc->type, &sctx) != 0) { fprintf(stderr, "Failed to fetch 'rsa' signer\n"); goto cleanup; } diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index b9fe9b5fa566..f74f97ce795b 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -51,10 +51,12 @@ struct pkgsign_ops { pkgsign_verify_data_cb *pkgsign_verify_data; }; +extern const struct pkgsign_ops pkgsign_ecc; extern const struct pkgsign_ops pkgsign_rsa; struct sig_cert { char *name; + char *type; unsigned char *sig; int siglen; unsigned char *cert; 
@@ -63,6 +65,7 @@ struct sig_cert { }; struct pubkey { + char *sigtype; unsigned char *sig; int siglen; }; From nobody Sat Jan 11 02:49:04 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJd1JNJz5l4gr; Sat, 11 Jan 2025 02:49:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJd02LRz4J0K; Sat, 11 Jan 2025 02:49:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9XWERTuLtwp1O7uDqza/NdwTS+MzmyCfglTS1R4V/Fg=; b=eSE3Qun4cFIQqOg6sUoxyZxI1DvJcirqOby4jt2b2B8ZkH6M3BSHlYrNCybA51AEFFndEg W+XjiJJENkDwbH31mCAW54rWGTHzMu4i/++wLdKZWeu8G/XMHn2XGD0zSqLE5PR6D217tD +nZmk2N2NqaPOIW6kHK6Ls9VxlFyZ+OGmSwT+oJRqiN4Zi09Dy/D2lH3YpDWTsQHCLS8Qj i0xoqhTcakGz0IbHFNkTOSk8yN7ku52DJ5ZqN7FNlZxMmabRWt584zo1RubzOa+7j+CTE1 7zLh2JVIbfvBFHABVeWMxS0kB74FNV+vP/RuhO3WfwZqUQYgukCR3/HK5veUpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9XWERTuLtwp1O7uDqza/NdwTS+MzmyCfglTS1R4V/Fg=; b=vSw/5ijgtHCd7CQ8BzgpthhC+SVNjsQLsoGIlnhN3VGkkXBZcAMyzb7XvH24tgG5H8XOpD 
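Review bot: In the parse_cert() hunk in usr.sbin/pkg/pkg.c, assert(type[typesz - 1] == '\n') is the only check on the TYPE section, which is read from the signature file. A file that ends inside the TYPE section without a trailing newline aborts the process, and a build with NDEBUG drops the check so the next line overwrites the last byte of the type name. Replace the assert with an explicit test that warns and fails parse_cert(). The strdup("rsa") result is also unchecked and is later handed to pkgsign_new() as the signer name.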
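Review bot: In the verify_signature() hunk in usr.sbin/pkg/pkg.c, the signer is now looked up with pkgsign_new(sc->type, &sctx) but the failure message on the next line still reads "Failed to fetch 'rsa' signer". Print sc->type there, as the verify_pubsignature() hunk already does with warnx("Failed to fetch '%s' signer", pk->sigtype).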
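Review bot: In the read_pubkey() hunk in usr.sbin/pkg/pkg.c, the return value of pkg_read_fd() goes straight into parse_sigtype() and then memcpy() with no NULL check, and the calloc() results for pk and pk->sig are not checked either. A failed read should return NULL before the buffer is parsed. pk->sigtype is also a new pointer member, and none of the hunks shown here adds a matching free for it or for sc->type; if parse_sigtype() returns allocated storage the cleanup paths need updating, and pkg.h should say who owns both strings.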
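Review bot: In the verify_pubsignature() hunk in usr.sbin/pkg/pkg.c, pk->sigtype comes from the signature blob itself and decides both which signer is loaded and whether the package is hashed or read whole with pkg_read_fd(). Add a comment stating that an unrecognised type must fail at pkgsign_new(), and that each signer has to reject a configured public key of the wrong kind. The non-rsa branch also keeps the entire package in memory until cleanup, which deserves a line in the comment as well.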
Date: Sat, 11 Jan 2025 02:49:04 GMT Message-Id: <202501110249.50B2n48x066744@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 4e33c2e91835 - stable/13 - pkg: add a pkgsign_verify_data callback List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 4e33c2e91835162f994589bceff9a16ed4613d49 Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=4e33c2e91835162f994589bceff9a16ed4613d49 commit 4e33c2e91835162f994589bceff9a16ed4613d49 Author: Kyle Evans AuthorDate: 2025-01-01 21:10:28 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:31 +0000 pkg: add a pkgsign_verify_data callback This will be used to verify raw payloads, as if signed by pkg-key(8). It will be used specifically in pkg(7) to verify .pubkeysig as published by poudriere. Amend verify_pubsignature() now to use it. For the RSA signer, we need to verify using a sha256 of the data instead of the data itself. Reviewed by: bapt (cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e) --- usr.sbin/pkg/pkg.c | 30 +++++++++++++++++++++++++++++- usr.sbin/pkg/pkg.h | 4 ++++ usr.sbin/pkg/rsa.c | 50 ++++++++++++++++++++++++++++++++------------------ 3 files changed, 65 insertions(+), 19 deletions(-) diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 5cc9c3b8dbfe..8980cca2bb2d 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c 
@@ -141,6 +141,17 @@ pkgsign_verify_cert(const struct pkgsign_ctx *ctx, int fd, const char *sigfile, key, keylen, sig, siglen)); } +static bool +pkgsign_verify_data(const struct pkgsign_ctx *ctx, const char *data, + size_t datasz, const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + + return ((*ctx->impl->pi_ops->pkgsign_verify_data)(ctx, data, datasz, + sigfile, key, keylen, sig, siglen)); +} + + static int extract_pkg_static(int fd, char *p, int sz) { @@ -573,12 +584,15 @@ verify_pubsignature(int fd_pkg, int fd_sig) { struct pubkey *pk; const char *pubkey; + char *data; struct pkgsign_ctx *sctx; + size_t datasz; bool ret; pk = NULL; pubkey = NULL; sctx = NULL; + data = NULL; ret = false; if (config_string(PUBKEY, &pubkey) != 0) { warnx("No CONFIG_PUBKEY defined"); @@ -590,6 +604,19 @@ verify_pubsignature(int fd_pkg, int fd_sig) goto cleanup; } + if (lseek(fd_pkg, 0, SEEK_SET) == -1) { + warn("lseek"); + goto cleanup; + } + + /* Future types shouldn't do this. */ + if ((data = sha256_fd(fd_pkg)) == NULL) { + warnx("Error creating SHA256 hash for package"); + goto cleanup; + } + + datasz = strlen(data); + if (pkgsign_new("rsa", &sctx) != 0) { warnx("Failed to fetch 'rsa' signer"); goto cleanup; @@ -597,7 +624,7 @@ verify_pubsignature(int fd_pkg, int fd_sig) /* Verify the signature. */ printf("Verifying signature with public key %s... ", pubkey); - if (pkgsign_verify_cert(sctx, fd_pkg, pubkey, NULL, 0, pk->sig, + if (pkgsign_verify_data(sctx, data, datasz, pubkey, NULL, 0, pk->sig, pk->siglen) == false) { fprintf(stderr, "Signature is not valid\n"); goto cleanup; @@ -606,6 +633,7 @@ verify_pubsignature(int fd_pkg, int fd_sig) ret = true; cleanup: + free(data); if (pk) { free(pk->sig); free(pk); diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index 2d0dab96a20f..b9fe9b5fa566 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -40,11 +40,15 @@ struct pkgsign_ctx { typedef int pkgsign_new_cb(const char *, struct pkgsign_ctx *); typedef bool pkgsign_verify_cert_cb(const struct pkgsign_ctx *, int, const char *, const unsigned char *, int, unsigned char *, int); +typedef bool pkgsign_verify_data_cb(const struct pkgsign_ctx *, + const char *, size_t, const char *, const unsigned char *, int, + unsigned char *, int); struct pkgsign_ops { size_t pkgsign_ctx_size; pkgsign_new_cb *pkgsign_new; pkgsign_verify_cert_cb *pkgsign_verify_cert; + pkgsign_verify_data_cb *pkgsign_verify_data; }; extern const struct pkgsign_ops pkgsign_rsa; diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c index b6345cdcecb8..b28f44ec1953 100644 --- a/usr.sbin/pkg/rsa.c +++ b/usr.sbin/pkg/rsa.c @@ -78,33 +78,20 @@ load_public_key_buf(const unsigned char *cert, int certlen) } static bool -rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, - const char *sigfile, const unsigned char *key, int keylen, - unsigned char *sig, int siglen) +rsa_verify_data(const struct pkgsign_ctx *ctx __unused, + const char *data, size_t datasz, const char *sigfile, + const unsigned char *key, int keylen, unsigned char *sig, int siglen) { EVP_MD_CTX *mdctx; EVP_PKEY *pkey; - char *sha256; char errbuf[1024]; bool ret; - sha256 = NULL; pkey = NULL; mdctx = NULL; ret = false; - SSL_load_error_strings(); - /* Compute SHA256 of the package. */ - if (lseek(fd, 0, 0) == -1) { - warn("lseek"); - goto cleanup; - } - if ((sha256 = sha256_fd(fd)) == NULL) { - warnx("Error creating SHA256 hash for package"); - goto cleanup; - } - if (sigfile != NULL) { if ((pkey = load_public_key_file(sigfile)) == NULL) { warnx("Error reading public key"); 
@@ -127,7 +114,7 @@ rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); goto error; } - if (EVP_DigestVerifyUpdate(mdctx, sha256, strlen(sha256)) != 1) { + if (EVP_DigestVerifyUpdate(mdctx, data, datasz) != 1) { warnx("%s", ERR_error_string(ERR_get_error(), errbuf)); goto error; } @@ -145,7 +132,6 @@ error: printf("failed\n"); cleanup: - free(sha256); if (pkey) EVP_PKEY_free(pkey); if (mdctx) 
@@ -155,6 +141,34 @@ cleanup: return (ret); } +static bool +rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, + const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) +{ + char *sha256; + bool ret; + + sha256 = NULL; + + /* Compute SHA256 of the package. */ + if (lseek(fd, 0, 0) == -1) { + warn("lseek"); + return (false); + } + if ((sha256 = sha256_fd(fd)) == NULL) { + warnx("Error creating SHA256 hash for package"); + return (false); + } + + ret = rsa_verify_data(ctx, sha256, strlen(sha256), sigfile, key, keylen, + sig, siglen); + free(sha256); + + return (ret); +} + const struct pkgsign_ops pkgsign_rsa = { .pkgsign_verify_cert = rsa_verify_cert, + .pkgsign_verify_data = rsa_verify_data, }; From nobody Sat Jan 11 02:49:03 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJc2ml0z5l4pm; Sat, 11 Jan 2025 02:49:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJb6FBnz4Hhr; Sat, 11 Jan 2025 02:49:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563743; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6vGo4uZGsEsAIzg+sRmEv8CVuBQzLIsx+41/4Hf5rOU=; b=AdiFSzbY3LwD5XvSISnCkHSINnM9Hodx0725I2b76jhfYseRZrj94FXtxZaSNR9Jm+yU49 
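Review bot: The new pkgsign_verify_data() wrapper in usr.sbin/pkg/pkg.c calls ctx->impl->pi_ops->pkgsign_verify_data without checking that the signer filled the slot in, so a pkgsign_ops that only sets pkgsign_verify_cert would call through a NULL pointer. Either check for NULL and return false, or document in pkg.h that both callbacks are mandatory. The hunk also adds two blank lines after the closing brace where one is enough.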
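Review bot: In the verify_pubsignature() hunk in usr.sbin/pkg/pkg.c, the caller runs sha256_fd() and passes the resulting string as data, so what pkgsign_verify_data receives depends on the signer: for rsa it is a digest string, not the payload. The "Future types shouldn't do this" comment hints at this, but the pkgsign_verify_data_cb typedef in pkg.h has unnamed parameters and no description. Document there what data and datasz hold. Separately, the new rsa_verify_cert() in rsa.c still calls lseek(fd, 0, 0) while this hunk uses SEEK_SET; use SEEK_SET in both.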
(envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50B2n31x066696; Sat, 11 Jan 2025 02:49:03 GMT (envelope-from git) Date: Sat, 11 Jan 2025 02:49:03 GMT Message-Id: <202501110249.50B2n31x066696@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 082f3564f94d - stable/13 - pkg: abstract rsa out behind a pkgsign API List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 082f3564f94d85054aba8ef4d34fc375611e5387 Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=082f3564f94d85054aba8ef4d34fc375611e5387 commit 082f3564f94d85054aba8ef4d34fc375611e5387 Author: Kyle Evans AuthorDate: 2025-01-01 21:10:27 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:30 +0000 pkg: abstract rsa out behind a pkgsign API This mirrors a change we made in pkg(8), and will be used to next add another signer that does ECC. Reviewed by: bapt, emaste (cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead) --- usr.sbin/pkg/pkg.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- usr.sbin/pkg/pkg.h | 22 ++++++++++++-- usr.sbin/pkg/rsa.c | 11 +++++-- 3 files changed, 110 insertions(+), 9 deletions(-) diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 56bced7b9c5f..5cc9c3b8dbfe 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c 
@@ -35,6 +35,7 @@ #include #include +#include #include #include #include @@ -55,6 +56,16 @@ #include "config.h" #include "hash.h" +static const struct pkgsign_impl { + const char *pi_name; + const struct pkgsign_ops *pi_ops; +} pkgsign_builtins[] = { + { + .pi_name = "rsa", + .pi_ops = &pkgsign_rsa, + }, +}; + typedef enum { HASH_UNKNOWN, HASH_SHA256, @@ -75,6 +86,61 @@ static const char *bootstrap_names [] = { STAILQ_HEAD(fingerprint_list, fingerprint); +static int +pkgsign_new(const char *name, struct pkgsign_ctx **ctx) +{ + const struct pkgsign_impl *impl; + const struct pkgsign_ops *ops; + struct pkgsign_ctx *nctx; + size_t ctx_size; + int ret; + + assert(*ctx == NULL); + ops = NULL; + for (size_t i = 0; i < nitems(pkgsign_builtins); i++) { + impl = &pkgsign_builtins[i]; + + if (strcmp(name, impl->pi_name) == 0) { + ops = impl->pi_ops; + break; + } + } + + if (ops == NULL) + return (ENOENT); + + ctx_size = ops->pkgsign_ctx_size; + if (ctx_size == 0) + ctx_size = sizeof(*nctx); + assert(ctx_size >= sizeof(*nctx)); + + nctx = calloc(1, ctx_size); + if (nctx == NULL) + err(EXIT_FAILURE, "calloc"); + nctx->impl = impl; + + ret = 0; + if (ops->pkgsign_new != NULL) + ret = (*ops->pkgsign_new)(name, nctx); + + if (ret != 0) { + free(nctx); + return (ret); + } + + *ctx = nctx; + return (0); +} + +static bool +pkgsign_verify_cert(const struct pkgsign_ctx *ctx, int fd, const char *sigfile, + const unsigned char *key, int keylen, unsigned char *sig, int siglen) +{ + + return ((*ctx->impl->pi_ops->pkgsign_verify_cert)(ctx, fd, sigfile, + key, keylen, sig, siglen)); +} + static int extract_pkg_static(int fd, char *p, int sz) { @@ -507,10 +573,12 @@ verify_pubsignature(int fd_pkg, int fd_sig) { struct pubkey *pk; const char *pubkey; + struct pkgsign_ctx *sctx; bool ret; pk = NULL; pubkey = NULL; + sctx = NULL; ret = false; if (config_string(PUBKEY, &pubkey) != 0) { warnx("No CONFIG_PUBKEY defined"); 
@@ -522,9 +590,14 @@ verify_pubsignature(int fd_pkg, int fd_sig) goto cleanup; } + if (pkgsign_new("rsa", &sctx) != 0) { + warnx("Failed to fetch 'rsa' signer"); + goto cleanup; + } + /* Verify the signature. */ printf("Verifying signature with public key %s... ", pubkey); - if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig, + if (pkgsign_verify_cert(sctx, fd_pkg, pubkey, NULL, 0, pk->sig, pk->siglen) == false) { fprintf(stderr, "Signature is not valid\n"); goto cleanup; @@ -547,6 +620,7 @@ verify_signature(int fd_pkg, int fd_sig) struct fingerprint_list *trusted, *revoked; struct fingerprint *fingerprint; struct sig_cert *sc; + struct pkgsign_ctx *sctx; bool ret; int trusted_count, revoked_count; const char *fingerprints; @@ -555,6 +629,7 @@ verify_signature(int fd_pkg, int fd_sig) hash = NULL; sc = NULL; + sctx = NULL; trusted = revoked = NULL; ret = false; @@ -618,10 +693,15 @@ verify_signature(int fd_pkg, int fd_sig) goto cleanup; } + if (pkgsign_new("rsa", &sctx) != 0) { + fprintf(stderr, "Failed to fetch 'rsa' signer\n"); + goto cleanup; + } + /* Verify the signature. */ printf("Verifying signature with trusted certificate %s... ", sc->name); - if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig, - sc->siglen) == false) { + if (pkgsign_verify_cert(sctx, fd_pkg, NULL, sc->cert, sc->certlen, + sc->sig, sc->siglen) == false) { fprintf(stderr, "Signature is not valid\n"); goto cleanup; } diff --git a/usr.sbin/pkg/pkg.h b/usr.sbin/pkg/pkg.h index faa2be6c8376..2d0dab96a20f 100644 --- a/usr.sbin/pkg/pkg.h +++ b/usr.sbin/pkg/pkg.h 
@@ -30,6 +30,25 @@ #ifndef _PKG_H #define _PKG_H +#include + +struct pkgsign_ctx { + const struct pkgsign_impl *impl; +}; + +/* Tentatively won't be needing to free any state, all allocated in the ctx. */ +typedef int pkgsign_new_cb(const char *, struct pkgsign_ctx *); +typedef bool pkgsign_verify_cert_cb(const struct pkgsign_ctx *, int, + const char *, const unsigned char *, int, unsigned char *, int); + +struct pkgsign_ops { + size_t pkgsign_ctx_size; + pkgsign_new_cb *pkgsign_new; + pkgsign_verify_cert_cb *pkgsign_verify_cert; +}; + +extern const struct pkgsign_ops pkgsign_rsa; + struct sig_cert { char *name; unsigned char *sig; @@ -44,9 +63,6 @@ struct pubkey { int siglen; }; -bool rsa_verify_cert(int, const char *, const unsigned char *, int, - unsigned char *, int); - char *pkg_read_fd(int fd, size_t *osz); #endif /* _PKG_H */ diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c index afc446a6ad06..b6345cdcecb8 100644 --- a/usr.sbin/pkg/rsa.c +++ b/usr.sbin/pkg/rsa.c @@ -77,9 +77,10 @@ load_public_key_buf(const unsigned char *cert, int certlen) return (pkey); } -bool -rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, - int keylen, unsigned char *sig, int siglen) +static bool +rsa_verify_cert(const struct pkgsign_ctx *ctx __unused, int fd, + const char *sigfile, const unsigned char *key, int keylen, + unsigned char *sig, int siglen) { EVP_MD_CTX *mdctx; EVP_PKEY *pkey; 
@@ -153,3 +154,7 @@ cleanup: return (ret); } + +const struct pkgsign_ops pkgsign_rsa = { + .pkgsign_verify_cert = rsa_verify_cert, +}; From nobody Sat Jan 11 02:49:07 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVNJg2mnhz5l4bn; Sat, 11 Jan 2025 02:49:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVNJg1Jdlz4J0f; Sat, 11 Jan 2025 02:49:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563747; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RnC+R5SWkm19ZcvKz9PlMs5TlLGFu9HbJbG6pH+jjDo=; b=VsqqzYokPv4gl6qDwijHqwdK40MC0u08LDr9UARokQZJixuW3EbYzS8htEBOqi5i9zLsWV cPe6jb8anz9icCI6SoD+R6jgipQfuzPlaESDDa+NhFjoXZZMp3MSK5niO8bvFt7v2YkjYM 2fU9Efb6+oaZrEof00lks/zlGZWVq1AuPZ7lXYt26SHLFrPs2V9O8NQUsh2zlXSkdKhAGX ZUyi25jJ7e9FHtnbdwzMv+du6vZ6/utDP76HggKzY+7M68YiSE1xCn4HGNGWUbeM+VQ4Qf hE/2DZVRmgfl7UvBQceCY1VOH37XVNTUQF9F2zUeBgtbdBXpQ7acvPVuNqJRuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736563747; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RnC+R5SWkm19ZcvKz9PlMs5TlLGFu9HbJbG6pH+jjDo=; 
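Review bot: pkgsign_new() in usr.sbin/pkg/pkg.c returns a calloc()ed context through *ctx, but neither the verify_pubsignature() hunk nor the verify_signature() hunk adds a free(sctx) on the cleanup path, so the visible hunks never release it. Add the free, or a small release helper so later signers with larger contexts have one place to drop state. Also, nctx->impl = impl depends on the loop variable still pointing at the matched entry; saving it inside the strcmp() branch alongside ops would make that explicit.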
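Review bot: In the verify_signature() hunk in usr.sbin/pkg/pkg.c, the signer lookup failure is reported with fprintf(stderr, ...), while the same failure in the verify_pubsignature() hunk uses warnx(). Use warnx() in both so the message carries the program name and the two paths stay consistent.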
Date: Sat, 11 Jan 2025 02:49:07 GMT Message-Id: <202501110249.50B2n7Ob066845@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans Subject: git: 0d946859c994 - stable/13 - shar: add a deprecation notice List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 0d946859c99408ab42c9f3934ee9c9f149e3e36b Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=0d946859c99408ab42c9f3934ee9c9f149e3e36b commit 0d946859c99408ab42c9f3934ee9c9f149e3e36b Author: Kyle Evans AuthorDate: 2025-01-02 02:15:36 +0000 Commit: Kyle Evans CommitDate: 2025-01-11 02:48:31 +0000 shar: add a deprecation notice The shar(1) program is simple, but the fundamental idea of a sh archive is risky at best and one that we probably shouldn't be promoting as prominently as a program in $PATH and a manpage. Let's deprecate and remove it, since the same functionality can easily be found in tar(1) instead. Reviewed by: emaste, philip Reviewed by: allanjude, brooks, delphij, des, imp, rpokala (previous) (cherry picked from commit f68ee0e7a1e8732f725cad4ac708ec49093782d4) (cherry picked from commit 2832af7b4ea256b18ef4dbf2ff97a50765f0609a) --- usr.bin/shar/shar.1 | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/usr.bin/shar/shar.1 b/usr.bin/shar/shar.1 index 3a49c9ee06e3..9b74745970c9 100644 --- a/usr.bin/shar/shar.1 +++ b/usr.bin/shar/shar.1 
@@ -27,12 +27,29 @@ .\" .\" @(#)shar.1 8.1 (Berkeley) 6/6/93 .\" -.Dd January 31, 2019 +.Dd January 1, 2025 .Dt SHAR 1 .Os .Sh NAME .Nm shar .Nd create a shell archive of files +.Sh DEPRECATION NOTICE +.Nm +is obsolete and may not be present in +.Fx 15 +and later. +Because shell archives are simultaneously data and code and are typically +interpreted by +.Xr sh 1 , +they can easily be trojan-horsed and pose a significant security risk to users. +The +.Xr tar 1 +utility can still produce shar encodings of files if needed. +The +.Pa sysutils/freebsd-shar +port has been created to maintain this version of +.Nm +past its deprecation in base. .Sh SYNOPSIS .Nm .Ar From nobody Sat Jan 11 08:13:25 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVWVs6FMVz5jnn0; Sat, 11 Jan 2025 08:13:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVWVs5gjyz3xbt; Sat, 11 Jan 2025 08:13:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736583205; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IYrSXZCvCrVjL4ziYQAnAht237XqSCILsFvcYGoRThQ=; b=CgtsTdm3yajXFzFOKurw/g39LL7drJgkdTxpRJVuZiC/a9DOSQjIm+3UcLAYxdNcg26hV6 ahzTdZygTApNqSxBTEZWAt2afoWf2MGJdFK5UjjFlLU9XACJlExhKqXnoTZdeQB8yw39MX 
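Review bot: In the DEPRECATION NOTICE added to usr.bin/shar/shar.1, the sentence saying tar(1) can still produce shar encodings gives no invocation, so a reader has to search tar(1) for it. Name the option, for example the shar value of tar's --format flag. The notice explains why running an archive through sh(1) is risky but not what a recipient should do with one; a sentence advising readers to inspect an archive before running it would complete the warning.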
by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50B8DP4V084675; Sat, 11 Jan 2025 08:13:25 GMT (envelope-from git) Date: Sat, 11 Jan 2025 08:13:25 GMT Message-Id: <202501110813.50B8DP4V084675@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Yoshihiro Takahashi Subject: git: e5869ff39d4a - stable/14 - uart: Add support for Brainboxes / Intashield serial cards. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: nyan X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: e5869ff39d4a66ebf8940355df3f62663babbb26 Auto-Submitted: auto-generated The branch stable/14 has been updated by nyan: URL: https://cgit.FreeBSD.org/src/commit/?id=e5869ff39d4a66ebf8940355df3f62663babbb26 commit e5869ff39d4a66ebf8940355df3f62663babbb26 Author: Yoshihiro Takahashi AuthorDate: 2024-12-31 09:04:27 +0000 Commit: Yoshihiro Takahashi CommitDate: 2025-01-11 08:09:41 +0000 uart: Add support for Brainboxes / Intashield serial cards. PR: 283226 Reported by: Cameron Williams (cherry picked from commit 41b30bbc1a57b60afee9acdd6ad240c92ef13790) --- sys/dev/puc/pucdata.c | 422 ++++++++++++++++++++++++++++++++++++++++++++ sys/dev/uart/uart_bus_pci.c | 14 ++ 2 files changed, 436 insertions(+) diff --git a/sys/dev/puc/pucdata.c b/sys/dev/puc/pucdata.c index f127e27e7b08..e911a407cca9 100644 --- a/sys/dev/puc/pucdata.c +++ b/sys/dev/puc/pucdata.c 
@@ -493,6 +493,428 @@ const struct puc_cfg puc_pci_devices[] = { .config_function = puc_config_siig }, + { 0x135a, 0x0841, 0xffff, 0, + "Brainboxes UC-268", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0861, 0xffff, 0, + "Brainboxes UC-257", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0862, 0xffff, 0, + "Brainboxes UC-257", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0863, 0xffff, 0, + "Brainboxes UC-257", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0881, 0xffff, 0, + "Brainboxes UC-279", + DEFAULT_RCLK, + PUC_PORT_8S, 0x18, 0, 8, + }, + + { 0x135a, 0x08a1, 0xffff, 0, + "Brainboxes UC-313", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08a2, 0xffff, 0, + "Brainboxes UC-313", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08a3, 0xffff, 0, + "Brainboxes UC-313", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08c1, 0xffff, 0, + "Brainboxes UC-310", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08e1, 0xffff, 0, + "Brainboxes UC-302", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08e2, 0xffff, 0, + "Brainboxes UC-302", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08e3, 0xffff, 0, + "Brainboxes UC-302", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0901, 0xffff, 0, + "Brainboxes UC-431", + DEFAULT_RCLK, + PUC_PORT_3S, 0x18, 0, 8, + }, + + { 0x135a, 0x0921, 0xffff, 0, + "Brainboxes UC-420", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0981, 0xffff, 0, + "Brainboxes UC-475", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0982, 0xffff, 0, + "Brainboxes UC-475", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x09a1, 0xffff, 0, + "Brainboxes UC-607", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x09a2, 0xffff, 0, + "Brainboxes UC-607", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x09a3, 
0xffff, 0, + "Brainboxes UC-607", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0a81, 0xffff, 0, + "Brainboxes UC-357", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0a82, 0xffff, 0, + "Brainboxes UC-357", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0a83, 0xffff, 0, + "Brainboxes UC-357", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ac1, 0xffff, 0, + "Brainboxes UP-189", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ac2, 0xffff, 0, + "Brainboxes UP-189", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ac3, 0xffff, 0, + "Brainboxes UP-189", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b01, 0xffff, 0, + "Brainboxes UC-346", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b02, 0xffff, 0, + "Brainboxes UC-346", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b21, 0xffff, 0, + "Brainboxes UP-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b22, 0xffff, 0, + "Brainboxes UP-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b23, 0xffff, 0, + "Brainboxes UP-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ba1, 0xffff, 0, + "Brainboxes UC-101", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0bc1, 0xffff, 0, + "Brainboxes UC-203", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0bc2, 0xffff, 0, + "Brainboxes UC-203", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c01, 0xffff, 0, + "Brainboxes UP-869", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c02, 0xffff, 0, + "Brainboxes UP-869", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c03, 0xffff, 0, + "Brainboxes UP-869", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c21, 0xffff, 0, + "Brainboxes UP-880", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c22, 0xffff, 0, + 
"Brainboxes UP-880", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c23, 0xffff, 0, + "Brainboxes UP-880", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c41, 0xffff, 0, + "Brainboxes UC-368", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ca1, 0xffff, 0, + "Brainboxes UC-253", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0d21, 0xffff, 0, + "Brainboxes UC-260", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0d41, 0xffff, 0, + "Brainboxes UC-836", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0d80, 0xffff, 0, + "Intashield IS-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0dc0, 0xffff, 0, + "Intashield IS-400", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0e41, 0xffff, 0, + "Brainboxes PX-279", + DEFAULT_RCLK, + PUC_PORT_8S, 0x18, 0, 8, + }, + + { 0x135a, 0x0e61, 0xffff, 0, + "Brainboxes UC-414", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x400a, 0xffff, 0, + "Brainboxes PX-260", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400b, 0xffff, 0, + "Brainboxes PX-320", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400c, 0xffff, 0, + "Brainboxes PX-313", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400e, 0xffff, 0, + "Brainboxes PX-310", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400f, 0xffff, 0, + "Brainboxes PX-346", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4010, 0xffff, 0, + "Brainboxes PX-368", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + 
{ 0x135a, 0x4011, 0xffff, 0, + "Brainboxes PX-420", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4012, 0xffff, 0, + "Brainboxes PX-431", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4013, 0xffff, 0, + "Brainboxes PX-820", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4014, 0xffff, 0, + "Brainboxes PX-831", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4015, 0xffff, 0, + "Brainboxes PX-257", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4016, 0xffff, 0, + "Brainboxes PX-246", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4017, 0xffff, 0, + "Brainboxes PX-846", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4018, 0xffff, 0, + "Brainboxes PX-857", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4019, 0xffff, 0, + "Brainboxes PX-101", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x401d, 0xffff, 0, + "Brainboxes PX-475", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x401e, 0xffff, 0, + "Brainboxes PX-803", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4027, 0xffff, 0, + "Intashield IX-100", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4028, 
0xffff, 0, + "Intashield IX-200", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4029, 0xffff, 0, + "Intashield IX-400", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + { 0x135c, 0x0010, 0xffff, 0, "Quatech QSC-100", -3, /* max 8x clock rate */ diff --git a/sys/dev/uart/uart_bus_pci.c b/sys/dev/uart/uart_bus_pci.c index 3b69439c75f0..36a77a149058 100644 --- a/sys/dev/uart/uart_bus_pci.c +++ b/sys/dev/uart/uart_bus_pci.c 
@@ -107,6 +107,20 @@ static const struct pci_id pci_ns8250_ids[] = { { 0x131f, 0x2000, 0xffff, 0, "Siig CyberSerial (1-port) 16550", 0x10 }, { 0x131f, 0x2001, 0xffff, 0, "Siig CyberSerial (1-port) 16650", 0x10 }, { 0x131f, 0x2002, 0xffff, 0, "Siig CyberSerial (1-port) 16850", 0x10 }, +{ 0x135a, 0x0a61, 0xffff, 0, "Brainboxes UC-324", 0x18 }, +{ 0x135a, 0x0aa1, 0xffff, 0, "Brainboxes UC-246", 0x18 }, +{ 0x135a, 0x0aa2, 0xffff, 0, "Brainboxes UC-246", 0x18 }, +{ 0x135a, 0x0d60, 0xffff, 0, "Intashield IS-100", 0x18 }, +{ 0x135a, 0x0da0, 0xffff, 0, "Intashield IS-300", 0x18 }, +{ 0x135a, 0x4000, 0xffff, 0, "Brainboxes PX-420", 0x10 }, +{ 0x135a, 0x4001, 0xffff, 0, "Brainboxes PX-431", 0x10 }, +{ 0x135a, 0x4002, 0xffff, 0, "Brainboxes PX-820", 0x10 }, +{ 0x135a, 0x4003, 0xffff, 0, "Brainboxes PX-831", 0x10 }, +{ 0x135a, 0x4004, 0xffff, 0, "Brainboxes PX-246", 0x10 }, +{ 0x135a, 0x4005, 0xffff, 0, "Brainboxes PX-101", 0x10 }, +{ 0x135a, 0x4006, 0xffff, 0, "Brainboxes PX-257", 0x10 }, +{ 0x135a, 0x4008, 0xffff, 0, "Brainboxes PX-846", 0x10 }, +{ 0x135a, 0x4009, 0xffff, 0, "Brainboxes PX-857", 0x10 }, { 0x135c, 0x0190, 0xffff, 0, "Quatech SSCLP-100", 0x18 }, { 0x135c, 0x01c0, 0xffff, 0, "Quatech SSCLP-200/300", 0x18 }, { 0x135e, 0x7101, 0xffff, 0, "Sealevel Systems Single Port RS-232/422/485/530", From nobody Sat Jan 11 08:15:27 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVWYC5lJBz5jp4P; Sat, 11 Jan 2025 08:15:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by 
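Review bot: in the sys/dev/puc/pucdata.c hunk, the { 0x135a, 0x0e41 } entry "Brainboxes PX-279" is the only PX-series card given the plain layout "DEFAULT_RCLK, PUC_PORT_8S, 0x18, 0, 8"; every other PX entry in this hunk (0x400a to 0x401e) uses "DEFAULT_RCLK * 0x22", "PUC_PORT_NONSTANDARD, 0x10, 0, -1" and puc_config_oxford_pcie. If that is deliberate because the card has a different UART behind the same product family, a one-line comment on the entry would stop it being "corrected" later; if it is not, the reference clock and BAR for that card would be wrong.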
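Review bot: in the sys/dev/uart/uart_bus_pci.c hunk, IDs 0x4000 to 0x4009 reuse model names that the pucdata.c hunk of this same commit registers under other IDs (PX-420 is 0x4000 here and 0x4011 there, PX-431 is 0x4001 and 0x4012, PX-820 is 0x4002 and 0x4013, PX-246 is 0x4004 and 0x4016), while the neighbouring Siig and Sealevel rows in pci_ns8250_ids are described as single-port parts. The commit message does not say why one model is split between direct uart attachment and puc. Please add a comment stating that the IDs listed here are single-UART functions, or move any multi-port variant to puc_pci_devices so that it does not end up with only one port attached.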
Date: Sat, 11 Jan 2025 08:15:27 GMT Message-Id: <202501110815.50B8FR6x085411@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Yoshihiro Takahashi Subject: git: f4ff5481d871 - stable/13 - uart: Add support for Brainboxes / Intashield serial cards. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: nyan X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: f4ff5481d8713ce3a37b4f2d48d7948e5bd3696b Auto-Submitted: auto-generated The branch stable/13 has been updated by nyan: URL: https://cgit.FreeBSD.org/src/commit/?id=f4ff5481d8713ce3a37b4f2d48d7948e5bd3696b commit f4ff5481d8713ce3a37b4f2d48d7948e5bd3696b Author: Yoshihiro Takahashi AuthorDate: 2024-12-31 09:04:27 +0000 Commit: Yoshihiro Takahashi CommitDate: 2025-01-11 08:13:45 +0000 uart: Add support for Brainboxes / Intashield serial cards. PR: 283226 Reported by: Cameron Williams (cherry picked from commit 41b30bbc1a57b60afee9acdd6ad240c92ef13790) --- sys/dev/puc/pucdata.c | 422 ++++++++++++++++++++++++++++++++++++++++++++ sys/dev/uart/uart_bus_pci.c | 14 ++ 2 files changed, 436 insertions(+) diff --git a/sys/dev/puc/pucdata.c b/sys/dev/puc/pucdata.c index f127e27e7b08..e911a407cca9 100644 --- a/sys/dev/puc/pucdata.c +++ b/sys/dev/puc/pucdata.c 
@@ -493,6 +493,428 @@ const struct puc_cfg puc_pci_devices[] = { .config_function = puc_config_siig }, + { 0x135a, 0x0841, 0xffff, 0, + "Brainboxes UC-268", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0861, 0xffff, 0, + "Brainboxes UC-257", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0862, 0xffff, 0, + "Brainboxes UC-257", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0863, 0xffff, 0, + "Brainboxes UC-257", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0881, 0xffff, 0, + "Brainboxes UC-279", + DEFAULT_RCLK, + PUC_PORT_8S, 0x18, 0, 8, + }, + + { 0x135a, 0x08a1, 0xffff, 0, + "Brainboxes UC-313", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08a2, 0xffff, 0, + "Brainboxes UC-313", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08a3, 0xffff, 0, + "Brainboxes UC-313", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08c1, 0xffff, 0, + "Brainboxes UC-310", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08e1, 0xffff, 0, + "Brainboxes UC-302", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08e2, 0xffff, 0, + "Brainboxes UC-302", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x08e3, 0xffff, 0, + "Brainboxes UC-302", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0901, 0xffff, 0, + "Brainboxes UC-431", + DEFAULT_RCLK, + PUC_PORT_3S, 0x18, 0, 8, + }, + + { 0x135a, 0x0921, 0xffff, 0, + "Brainboxes UC-420", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0981, 0xffff, 0, + "Brainboxes UC-475", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0982, 0xffff, 0, + "Brainboxes UC-475", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x09a1, 0xffff, 0, + "Brainboxes UC-607", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x09a2, 0xffff, 0, + "Brainboxes UC-607", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x09a3, 
0xffff, 0, + "Brainboxes UC-607", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0a81, 0xffff, 0, + "Brainboxes UC-357", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0a82, 0xffff, 0, + "Brainboxes UC-357", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0a83, 0xffff, 0, + "Brainboxes UC-357", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ac1, 0xffff, 0, + "Brainboxes UP-189", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ac2, 0xffff, 0, + "Brainboxes UP-189", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ac3, 0xffff, 0, + "Brainboxes UP-189", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b01, 0xffff, 0, + "Brainboxes UC-346", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b02, 0xffff, 0, + "Brainboxes UC-346", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b21, 0xffff, 0, + "Brainboxes UP-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b22, 0xffff, 0, + "Brainboxes UP-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0b23, 0xffff, 0, + "Brainboxes UP-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ba1, 0xffff, 0, + "Brainboxes UC-101", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0bc1, 0xffff, 0, + "Brainboxes UC-203", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0bc2, 0xffff, 0, + "Brainboxes UC-203", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c01, 0xffff, 0, + "Brainboxes UP-869", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c02, 0xffff, 0, + "Brainboxes UP-869", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c03, 0xffff, 0, + "Brainboxes UP-869", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c21, 0xffff, 0, + "Brainboxes UP-880", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c22, 0xffff, 0, + 
"Brainboxes UP-880", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c23, 0xffff, 0, + "Brainboxes UP-880", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0c41, 0xffff, 0, + "Brainboxes UC-368", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0ca1, 0xffff, 0, + "Brainboxes UC-253", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0d21, 0xffff, 0, + "Brainboxes UC-260", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0d41, 0xffff, 0, + "Brainboxes UC-836", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0d80, 0xffff, 0, + "Intashield IS-200", + DEFAULT_RCLK, + PUC_PORT_2S, 0x18, 0, 8, + }, + + { 0x135a, 0x0dc0, 0xffff, 0, + "Intashield IS-400", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x0e41, 0xffff, 0, + "Brainboxes PX-279", + DEFAULT_RCLK, + PUC_PORT_8S, 0x18, 0, 8, + }, + + { 0x135a, 0x0e61, 0xffff, 0, + "Brainboxes UC-414", + DEFAULT_RCLK, + PUC_PORT_4S, 0x18, 0, 8, + }, + + { 0x135a, 0x400a, 0xffff, 0, + "Brainboxes PX-260", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400b, 0xffff, 0, + "Brainboxes PX-320", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400c, 0xffff, 0, + "Brainboxes PX-313", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400e, 0xffff, 0, + "Brainboxes PX-310", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x400f, 0xffff, 0, + "Brainboxes PX-346", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4010, 0xffff, 0, + "Brainboxes PX-368", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + 
{ 0x135a, 0x4011, 0xffff, 0, + "Brainboxes PX-420", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4012, 0xffff, 0, + "Brainboxes PX-431", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4013, 0xffff, 0, + "Brainboxes PX-820", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4014, 0xffff, 0, + "Brainboxes PX-831", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4015, 0xffff, 0, + "Brainboxes PX-257", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4016, 0xffff, 0, + "Brainboxes PX-246", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4017, 0xffff, 0, + "Brainboxes PX-846", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4018, 0xffff, 0, + "Brainboxes PX-857", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4019, 0xffff, 0, + "Brainboxes PX-101", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x401d, 0xffff, 0, + "Brainboxes PX-475", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x401e, 0xffff, 0, + "Brainboxes PX-803", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4027, 0xffff, 0, + "Intashield IX-100", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4028, 
0xffff, 0, + "Intashield IX-200", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + + { 0x135a, 0x4029, 0xffff, 0, + "Intashield IX-400", + DEFAULT_RCLK * 0x22, + PUC_PORT_NONSTANDARD, 0x10, 0, -1, + .config_function = puc_config_oxford_pcie + }, + { 0x135c, 0x0010, 0xffff, 0, "Quatech QSC-100", -3, /* max 8x clock rate */ diff --git a/sys/dev/uart/uart_bus_pci.c b/sys/dev/uart/uart_bus_pci.c index 0cb2e183cfdb..9167ad419049 100644 --- a/sys/dev/uart/uart_bus_pci.c +++ b/sys/dev/uart/uart_bus_pci.c 
@@ -103,6 +103,20 @@ static const struct pci_id pci_ns8250_ids[] = { { 0x131f, 0x2000, 0xffff, 0, "Siig CyberSerial (1-port) 16550", 0x10 }, { 0x131f, 0x2001, 0xffff, 0, "Siig CyberSerial (1-port) 16650", 0x10 }, { 0x131f, 0x2002, 0xffff, 0, "Siig CyberSerial (1-port) 16850", 0x10 }, +{ 0x135a, 0x0a61, 0xffff, 0, "Brainboxes UC-324", 0x18 }, +{ 0x135a, 0x0aa1, 0xffff, 0, "Brainboxes UC-246", 0x18 }, +{ 0x135a, 0x0aa2, 0xffff, 0, "Brainboxes UC-246", 0x18 }, +{ 0x135a, 0x0d60, 0xffff, 0, "Intashield IS-100", 0x18 }, +{ 0x135a, 0x0da0, 0xffff, 0, "Intashield IS-300", 0x18 }, +{ 0x135a, 0x4000, 0xffff, 0, "Brainboxes PX-420", 0x10 }, +{ 0x135a, 0x4001, 0xffff, 0, "Brainboxes PX-431", 0x10 }, +{ 0x135a, 0x4002, 0xffff, 0, "Brainboxes PX-820", 0x10 }, +{ 0x135a, 0x4003, 0xffff, 0, "Brainboxes PX-831", 0x10 }, +{ 0x135a, 0x4004, 0xffff, 0, "Brainboxes PX-246", 0x10 }, +{ 0x135a, 0x4005, 0xffff, 0, "Brainboxes PX-101", 0x10 }, +{ 0x135a, 0x4006, 0xffff, 0, "Brainboxes PX-257", 0x10 }, +{ 0x135a, 0x4008, 0xffff, 0, "Brainboxes PX-846", 0x10 }, +{ 0x135a, 0x4009, 0xffff, 0, "Brainboxes PX-857", 0x10 }, { 0x135c, 0x0190, 0xffff, 0, "Quatech SSCLP-100", 0x18 }, { 0x135c, 0x01c0, 0xffff, 0, "Quatech SSCLP-200/300", 0x18 }, { 0x135e, 0x7101, 0xffff, 0, "Sealevel Systems Single Port RS-232/422/485/530", From nobody Sat Jan 11 12:27:47 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVd8M54n9z5kCTp; Sat, 11 Jan 2025 12:27:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by 
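Review bot: in the puc_pci_devices additions, several device IDs share one description string, for example 0x0861, 0x0862 and 0x0863 are all "Brainboxes UC-257" and 0x08a1 to 0x08a3 are all "Brainboxes UC-313", so the description alone will not tell an operator which variant matched. Either add the distinguishing revision to the string or put a short comment above each group saying the IDs are revisions of one board with the same port layout.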
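Review bot: in the pci_ns8250_ids additions the device IDs run 0x4000 to 0x4006 and then 0x4008 and 0x4009, skipping 0x4007; the pucdata.c hunk has the same kind of hole at 0x400d. If those IDs are unassigned or unsupported that is fine, but please confirm against the vendor's ID list that they were not dropped in transcription.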
Date: Sat, 11 Jan 2025 12:27:47 GMT Message-Id: <202501111227.50BCRlog055626@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Eugene Grosbein Subject: git: d62b2d8f3a47 - stable/14 - Fix failure to add an interface prefix route when route with the same prefix is already presented in the routing table. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eugen X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: d62b2d8f3a4711724d984102daa0bd0a5351f8b9 Auto-Submitted: auto-generated The branch stable/14 has been updated by eugen: URL: https://cgit.FreeBSD.org/src/commit/?id=d62b2d8f3a4711724d984102daa0bd0a5351f8b9 commit d62b2d8f3a4711724d984102daa0bd0a5351f8b9 Author: Alexander V. Chernikov AuthorDate: 2024-11-12 23:36:50 +0000 Commit: Eugene Grosbein CommitDate: 2025-01-11 12:25:16 +0000 Fix failure to add an interface prefix route when route with the same prefix is already presented in the routing table. PR: 277125 Reported by: Oleksandr Ignatyev Reviewed by: ae, jlduran Tested by: jlduran Differential Revision: https://reviews.freebsd.org/D47534 (cherry picked from commit 1da4954c92ea7585b352ba830d3ee64ca69ada52) --- sys/net/route/route_ctl.c | 13 ++++++++----- sys/net/route/route_ctl.h | 10 +++++----- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/sys/net/route/route_ctl.c b/sys/net/route/route_ctl.c index a07a58737c1c..d7756f2a0eb6 100644 --- a/sys/net/route/route_ctl.c +++ b/sys/net/route/route_ctl.c 
@@ -772,12 +772,15 @@ add_route_byinfo(struct rib_head *rnh, struct rt_addrinfo *info, rnd_add.rnd_weight = get_info_weight(info, RT_DEFAULT_WEIGHT); int op_flags = RTM_F_CREATE; - if (get_prio_from_info(info) == NH_PRIORITY_HIGH) - op_flags |= RTM_F_FORCE; - else - op_flags |= RTM_F_APPEND; - return (add_route_flags(rnh, rt, &rnd_add, op_flags, rc)); + /* + * Set the desired action when the route already exists: + * If RTF_PINNED is present, assume the direct kernel routes that cannot be multipath. + * Otherwise, append the path. + */ + op_flags |= (info->rti_flags & RTF_PINNED) ? RTM_F_REPLACE : RTM_F_APPEND; + + return (add_route_flags(rnh, rt, &rnd_add, op_flags, rc)); } static int diff --git a/sys/net/route/route_ctl.h b/sys/net/route/route_ctl.h index 140f14aa9e4f..845df8ce1fbe 100644 --- a/sys/net/route/route_ctl.h +++ b/sys/net/route/route_ctl.h 
@@ -61,11 +61,11 @@ int rib_del_route_px_gw(uint32_t fibnum, struct sockaddr *dst, int plen, const struct sockaddr *gw, int op_flags, struct rib_cmd_info *rc); /* operation flags */ -#define RTM_F_CREATE 0x01 -#define RTM_F_EXCL 0x02 -#define RTM_F_REPLACE 0x04 -#define RTM_F_APPEND 0x08 -#define RTM_F_FORCE 0x10 +#define RTM_F_CREATE 0x01 /* Create object if not exists */ +#define RTM_F_EXCL 0x02 /* (Deprecated) Do not replace or append if exists */ +#define RTM_F_REPLACE 0x04 /* Replace if route (even multipath) if exists */ +#define RTM_F_APPEND 0x08 /* Append path to the route */ +#define RTM_F_FORCE 0x10 /* Bump operation priority to highest */ int rib_add_route(uint32_t fibnum, struct rt_addrinfo *info, struct rib_cmd_info *rc); From nobody Sat Jan 11 12:35:50 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVdKf5pD2z5kClt; Sat, 11 Jan 2025 12:35:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVdKf55Wbz4N7R; Sat, 11 Jan 2025 12:35:50 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1736598950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5vlPvyQdqVHJxyZO+xGFkpnFmrsBRYmd4XLVpDlwKd8=; b=kqVd45vNRPEcV+MD+zERWulL3pyrUperSRgg3CXCNcyA4z8fYzQhnIk6wPq2MNdTcGvAQ9 
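Review bot: in the add_route_byinfo() hunk of sys/net/route/route_ctl.c, a request carrying RTF_PINNED now always gets RTM_F_REPLACE, so it overwrites whatever route already holds the prefix, and by the new route_ctl.h comment that includes a multipath group; nothing in this hunk checks whether the existing route is itself pinned. Two interfaces configured with the same prefix would then take the prefix route from each other without any error. Please either document that last-writer-wins is the intended behaviour for pinned routes or have the replace path refuse to displace another pinned route, and add a regression test for the case in PR 277125.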
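Review bot: in the sys/net/route/route_ctl.h hunk, the new comment on RTM_F_REPLACE, "Replace if route (even multipath) if exists", has a stray "if"; "Replace route (even multipath) if it exists" reads correctly, and "Create object if not exists" would be clearer as "Create object if it does not exist". RTM_F_FORCE is documented as "Bump operation priority to highest", but the route_ctl.c hunk of this commit removes the only visible place that sets it; if no caller remains, say so in the comment or mark the flag the way RTM_F_EXCL is marked.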
(envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50BCZoht073560; Sat, 11 Jan 2025 12:35:50 GMT (envelope-from git) Date: Sat, 11 Jan 2025 12:35:50 GMT Message-Id: <202501111235.50BCZoht073560@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Eugene Grosbein Subject: git: f57df4589d3c - stable/13 - Fix failure to add an interface prefix route when route with the same prefix is already presented in the routing table. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eugen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: f57df4589d3cd91dac88b2c9edb80ad0eb50979c Auto-Submitted: auto-generated The branch stable/13 has been updated by eugen: URL: https://cgit.FreeBSD.org/src/commit/?id=f57df4589d3cd91dac88b2c9edb80ad0eb50979c commit f57df4589d3cd91dac88b2c9edb80ad0eb50979c Author: Alexander V. Chernikov AuthorDate: 2024-11-12 23:36:50 +0000 Commit: Eugene Grosbein CommitDate: 2025-01-11 12:34:48 +0000 Fix failure to add an interface prefix route when route with the same prefix is already presented in the routing table. PR: 277125 Reported by: Oleksandr Ignatyev Reviewed by: ae, jlduran Tested by: jlduran Differential Revision: https://reviews.freebsd.org/D47534 (cherry picked from commit 1da4954c92ea7585b352ba830d3ee64ca69ada52) --- sys/net/route/route_ctl.c | 13 ++++++++----- sys/net/route/route_ctl.h | 10 +++++----- 2 files changed, 13 insertions(+), 10 deletions(-) 
diff --git a/sys/net/route/route_ctl.c b/sys/net/route/route_ctl.c index 75e4be5e9a5c..fd09998d4a01 100644 --- a/sys/net/route/route_ctl.c +++ b/sys/net/route/route_ctl.c @@ -757,12 +757,15 @@ add_route_byinfo(struct rib_head *rnh, struct rt_addrinfo *info, rnd_add.rnd_weight = get_info_weight(info, RT_DEFAULT_WEIGHT); int op_flags = RTM_F_CREATE; - if (get_prio_from_info(info) == NH_PRIORITY_HIGH) - op_flags |= RTM_F_FORCE; - else - op_flags |= RTM_F_APPEND; - return (add_route_flags(rnh, rt, &rnd_add, op_flags, rc)); + /* + * Set the desired action when the route already exists: + * If RTF_PINNED is present, assume the direct kernel routes that cannot be multipath. + * Otherwise, append the path. + */ + op_flags |= (info->rti_flags & RTF_PINNED) ? RTM_F_REPLACE : RTM_F_APPEND; + + return (add_route_flags(rnh, rt, &rnd_add, op_flags, rc)); } static int diff --git a/sys/net/route/route_ctl.h b/sys/net/route/route_ctl.h index 8591f36fbbe1..aea7d2d04a0d 100644 --- a/sys/net/route/route_ctl.h +++ b/sys/net/route/route_ctl.h 
@@ -59,11 +59,11 @@ int rib_del_route_px_gw(uint32_t fibnum, struct sockaddr *dst, int plen, const struct sockaddr *gw, int op_flags, struct rib_cmd_info *rc); /* operation flags */ -#define RTM_F_CREATE 0x01 -#define RTM_F_EXCL 0x02 -#define RTM_F_REPLACE 0x04 -#define RTM_F_APPEND 0x08 -#define RTM_F_FORCE 0x10 +#define RTM_F_CREATE 0x01 /* Create object if not exists */ +#define RTM_F_EXCL 0x02 /* (Deprecated) Do not replace or append if exists */ +#define RTM_F_REPLACE 0x04 /* Replace if route (even multipath) if exists */ +#define RTM_F_APPEND 0x08 /* Append path to the route */ +#define RTM_F_FORCE 0x10 /* Bump operation priority to highest */ int rib_add_route(uint32_t fibnum, struct rt_addrinfo *info, struct rib_cmd_info *rc);
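
Review bot: in the sys/net/route/route_ctl.c hunk (add_route_byinfo), the choice between RTM_F_REPLACE and RTM_F_APPEND now rests only on RTF_PINNED in info->rti_flags, and the new comment records the assumption that pinned routes are direct kernel routes that cannot be multipath without anything in these lines enforcing it. Since route_ctl.h documents RTM_F_REPLACE as replacing even a multipath route, please state or assert which callers may set RTF_PINNED on this path, and say in the commit message why RTM_F_FORCE is no longer passed for NH_PRIORITY_HIGH requests. The removed and re-added `return (add_route_flags(rnh, rt, &rnd_add, op_flags, rc));` lines read identically here, so that part looks whitespace-only, and the "If RTF_PINNED is present, ..." comment line runs past 80 columns.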
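
Review bot: the new flag comments in the sys/net/route/route_ctl.h hunk need a wording pass: `Replace if route (even multipath) if exists` carries a stray "if", and `Create object if not exists` would read better as "Create the object if it does not exist". RTM_F_EXCL is marked deprecated without naming what callers should pass instead, which deserves one more clause for anyone still using it.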

Date: Sun, 12 Jan 2025 10:20:29 GMT
Message-Id: <202501121020.50CAKTET012627@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 2e2c4e312ef1 - stable/14 - umtx: handle allocation failure in umtx_pi_alloc()
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 2e2c4e312ef1adfc21f7f8264082b3027f7a1931

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e2c4e312ef1adfc21f7f8264082b3027f7a1931

commit 2e2c4e312ef1adfc21f7f8264082b3027f7a1931
Author:     Kristof Provost
AuthorDate: 2025-01-05 16:09:08 +0000
Commit:     Kristof Provost
CommitDate: 2025-01-12 09:47:03 +0000

    umtx: handle allocation failure in umtx_pi_alloc()

    Don't assume that this allocation will succeed. We may have been passed M_NOWAIT. The calling code already handles allocation failures, but the function itself did not.

    PR: 283807
    MFC after: 1 week

    (cherry picked from commit 50c1e179b584f43ba82e9afc91b25ec4831b58ef)
---
 sys/kern/kern_umtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/kern/kern_umtx.c b/sys/kern/kern_umtx.c index 0ba0876bfb1f..7cfe68730e7d 100644 --- a/sys/kern/kern_umtx.c +++ b/sys/kern/kern_umtx.c
@@ -1739,6 +1739,9 @@ umtx_pi_alloc(int flags) struct umtx_pi *pi; pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags); + if (pi == NULL) + return (NULL); + TAILQ_INIT(&pi->pi_blocked); atomic_add_int(&umtx_pi_allocated, 1); return (pi);
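
Review bot: umtx_pi_alloc() can now return NULL, but nothing at the function says so; a one-line comment above it noting that NULL is possible when the caller passes M_NOWAIT would keep future callers from dereferencing the result unchecked. The early return sits correctly before TAILQ_INIT() and the atomic_add_int() on umtx_pi_allocated, so a failed allocation leaves the counter untouched.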

Date: Sun, 12 Jan 2025 10:20:30 GMT
Message-Id: <202501121020.50CAKU81012763@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: dfd9c9bc3f86 - stable/13 - umtx: handle allocation failure in umtx_pi_alloc()
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: dfd9c9bc3f8627a15443f9bfc068a7eade2d688c

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=dfd9c9bc3f8627a15443f9bfc068a7eade2d688c

commit dfd9c9bc3f8627a15443f9bfc068a7eade2d688c
Author:     Kristof Provost
AuthorDate: 2025-01-05 16:09:08 +0000
Commit:     Kristof Provost
CommitDate: 2025-01-12 09:46:31 +0000

    umtx: handle allocation failure in umtx_pi_alloc()

    Don't assume that this allocation will succeed. We may have been passed M_NOWAIT. The calling code already handles allocation failures, but the function itself did not.

    PR: 283807
    MFC after: 1 week

    (cherry picked from commit 50c1e179b584f43ba82e9afc91b25ec4831b58ef)
---
 sys/kern/kern_umtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/kern/kern_umtx.c b/sys/kern/kern_umtx.c index 61b86d0b62b1..5929a355f4a6 100644 --- a/sys/kern/kern_umtx.c +++ b/sys/kern/kern_umtx.c
@@ -1740,6 +1740,9 @@ umtx_pi_alloc(int flags) struct umtx_pi *pi; pi = uma_zalloc(umtx_pi_zone, M_ZERO | flags); + if (pi == NULL) + return (NULL); + TAILQ_INIT(&pi->pi_blocked); atomic_add_int(&umtx_pi_allocated, 1); return (pi);
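
Review bot: the commit message's statement that the calling code already handles allocation failure needs checking against the stable/13 callers of umtx_pi_alloc(), none of which are visible in this hunk. The check itself matches the stable/14 merge apart from the hunk offset (1740 rather than 1739), so any caller difference between the branches is the only open question for this backport.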

Date: Sun, 12 Jan 2025 19:31:58 GMT
Message-Id: <202501121931.50CJVwUm047167@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 7fbbab2d326b - stable/14 - bsnmpwalk: Fix crash on invalid data
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 7fbbab2d326bcbfa1592c6104b745cd5973f5aaa

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=7fbbab2d326bcbfa1592c6104b745cd5973f5aaa

commit 7fbbab2d326bcbfa1592c6104b745cd5973f5aaa
Author:     Shteryana Shopova
AuthorDate: 2025-01-10 20:30:21 +0000
Commit:     Ed Maste
CommitDate: 2025-01-12 19:31:44 +0000

    bsnmpwalk: Fix crash on invalid data

    PR: 258570
    Reported by: Robert Morris
    Reviewed by: emaste, markj
    Differential Revision: https://reviews.freebsd.org/D48422

    (cherry picked from commit f021e3573519ff192fc708cda9ca4bba264c96f7)
---
 usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c b/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c index 81108387d3a4..9d5a693c7c68 100644 --- a/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c +++ b/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c
@@ -502,7 +502,7 @@ snmptool_walk(struct snmp_toolinfo *snmptoolctx) outputs += rc; - if ((u_int)rc < resp.nbindings) { + if ((u_int)rc < resp.nbindings || resp.nbindings == 0) { snmp_pdu_free(&resp); break; }
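
Review bot: the added `resp.nbindings == 0` test in snmptool_walk() has no comment explaining why an empty response must end the walk. With rc == 0 the old test `(u_int)rc < resp.nbindings` is false for a response that carries no bindings, so the code falls through past the break and keeps using that PDU; a short comment above the condition saying so would make the fix self-explanatory, and the commit message could name the invalid data that triggered the crash.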

Date: Sun, 12 Jan 2025 19:32:59 GMT
Message-Id: <202501121932.50CJWx0T050230@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 748e7bc1521c - stable/13 - bsnmpwalk: Fix crash on invalid data
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 748e7bc1521c87d292e8762c59e415ac687f69a2

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=748e7bc1521c87d292e8762c59e415ac687f69a2

commit 748e7bc1521c87d292e8762c59e415ac687f69a2
Author:     Shteryana Shopova
AuthorDate: 2025-01-10 20:30:21 +0000
Commit:     Ed Maste
CommitDate: 2025-01-12 19:32:38 +0000

    bsnmpwalk: Fix crash on invalid data

    PR: 258570
    Reported by: Robert Morris
    Reviewed by: emaste, markj
    Differential Revision: https://reviews.freebsd.org/D48422

    (cherry picked from commit f021e3573519ff192fc708cda9ca4bba264c96f7)
    (cherry picked from commit 7fbbab2d326bcbfa1592c6104b745cd5973f5aaa)
---
 usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c b/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c index 81108387d3a4..9d5a693c7c68 100644 --- a/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c +++ b/usr.sbin/bsnmpd/tools/bsnmptools/bsnmpget.c
@@ -502,7 +502,7 @@ snmptool_walk(struct snmp_toolinfo *snmptoolctx) outputs += rc; - if ((u_int)rc < resp.nbindings) { + if ((u_int)rc < resp.nbindings || resp.nbindings == 0) { snmp_pdu_free(&resp); break; }
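
Review bot: the `(u_int)rc` cast in the condition turns a negative rc into a large unsigned value, so the comparison is false and the break is skipped, while `outputs += rc` just above would subtract from the count. Please confirm that rc < 0 is rejected before these lines, since the hunk does not show it, or test rc explicitly here instead of relying on the cast.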

Date: Sun, 12 Jan 2025 20:12:27 GMT
Message-Id: <202501122012.50CKCRqc025653@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: 18790167dcac - stable/14 - pkg: include missing
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 18790167dcacafeb7da9049fed8c66c2d07111d9

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=18790167dcacafeb7da9049fed8c66c2d07111d9

commit 18790167dcacafeb7da9049fed8c66c2d07111d9
Author:     Kyle Evans
AuthorDate: 2025-01-12 20:08:41 +0000
Commit:     Kyle Evans
CommitDate: 2025-01-12 20:12:12 +0000

    pkg: include missing

    My local environment seems to be seeing some pollution; we need for strlen.

    PR: 284021
    Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]")

    (cherry picked from commit b8770ce1dfed52fcb7249cdf3cf4d4d16357b9fd)
---
 usr.sbin/pkg/rsa.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c index b28f44ec1953..0056ccb595a9 100644 --- a/usr.sbin/pkg/rsa.c +++ b/usr.sbin/pkg/rsa.c
@@ -32,6 +32,7 @@ #include #include +#include #include #include
+sASyXVnULlzi3TJtnXCrqkTWaIRSNDVrb04HxgAc4yFEgXIB62vkOEJn96CoXnzWGzKAF thdhfSYLD1SeDqtDtqoSWODTFJ1oHq1m2gX1hY/bl4Zu6BE1OW+gy7lo21sYyMHWWwuY1S 9CXZ9YbCeNAf9fNrnUbVrGzBVMKWCVv7QnUUuYbay/xFjVOZHXzT6j2ftgwD3VM76Xs+sk pZpvCwfZNwQVhssjo+7Nv+LeOvwp8AKvR843o7/B1jZx1Rx1jFQF2a1sQz/nnw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1736712751; a=rsa-sha256; cv=none; b=oiD9pQ5onbKg97TOwO1hMCwGsqy1SuuWG1djZ8ltHc28tcKbO9dfV8l+A536hyjwg8A9nw ez0Ksth5Y/Pr9cYwveE9lu2Wb56UJl0zwdhpmnAkCqYTozOJ7ZSi6/90mHVBI+dKlm0G7L FTMK+oJsu7DPeAcgqD2Wot9kKxPt3ADSfJCZsHsdp5E9q7wP2fB9B94xwWm1V91xW+pRcf +hV8hH+H3p+Z+OiRM836igs6VIhOScNKePwc0jfwm7CJYgDjb6fg7ve9LWjQI0MK1R31jG MXS7UmhUdnsJSMCIHtNitalTC/G20zF+uDoqx3NTpGE7nYIpvzzP4HyIgDtF4w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YWRQ74vM1zyjM; Sun, 12 Jan 2025 20:12:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50CKCV2B026074; Sun, 12 Jan 2025 20:12:31 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50CKCVS0026071; Sun, 12 Jan 2025 20:12:31 GMT (envelope-from git) Date: Sun, 12 Jan 2025 20:12:31 GMT Message-Id: <202501122012.50CKCVS0026071@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Kyle Evans Subject: git: c6bf965f5d1d - stable/13 - pkg: include missing List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: c6bf965f5d1d7cf32f26ecd5df0f8a5f5baebb0f Auto-Submitted: auto-generated The branch stable/13 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=c6bf965f5d1d7cf32f26ecd5df0f8a5f5baebb0f commit c6bf965f5d1d7cf32f26ecd5df0f8a5f5baebb0f Author: Kyle Evans AuthorDate: 2025-01-12 20:08:41 +0000 Commit: Kyle Evans CommitDate: 2025-01-12 20:12:18 +0000 pkg: include missing My local environment seems to be seeing some pollution; we need for strlen. PR: 284021 Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]") (cherry picked from commit b8770ce1dfed52fcb7249cdf3cf4d4d16357b9fd) --- usr.sbin/pkg/rsa.c | 1 + 1 file changed, 1 insertion(+) diff --git a/usr.sbin/pkg/rsa.c b/usr.sbin/pkg/rsa.c index b28f44ec1953..0056ccb595a9 100644 --- a/usr.sbin/pkg/rsa.c +++ b/usr.sbin/pkg/rsa.c @@ -32,6 +32,7 @@ #include #include +#include #include #include
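Review bot: The log message says only that the local environment was "seeing some pollution", so it never records which header had been supplying the strlen declaration to usr.sbin/pkg/rsa.c or which build configuration behind PR 284021 lacked it; one sentence naming both would let a reader of the stable/13 and stable/14 history judge whether other files are exposed. The Fixes: line points at the pkgsign_verify_data change, so this is signature-verification code, and a strlen call with no prototype in scope is either a hard build error or, on older compilers, an implicit int declaration that truncates size_t lengths on 64-bit targets. It would be worth checking the other files touched by 2e065d74a5b0e for the same reliance on a transitive include, and building with -Werror=implicit-function-declaration so a regression fails loudly. The header names are stripped from this copy of the hunk, so the sort position of the added #include within the block cannot be checked here.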